There has been an ongoing discussion about how privacy rights can be eroded because laws do not anticipate changing technology. The most prominent example is the Electronic Communications Privacy Act, which was passed in 1986 and remains mired in the technology of that time, which did not include cloud computing, location tracking via always-on mobile devices and other current technology that can reveal our most personal information. (The World Wide Web was invented three years later, in 1989.)

While ECPA includes protection for email and voicemail communications, the 180-day rule is archaic as applied to how the technology is used today. (The rule is: If the email or voicemail message is unopened and has been in storage for 180 days or less, the government must obtain a search warrant. If the message is opened or has been stored unopened for more than 180 days, the government can access your message via a special court order or subpoena.) Thirty-two years ago, people had to download their email to their computers; the download would trigger an automatic deletion of the content from the provider’s servers. The government could not subpoena an Internet Service Provider (ISP) for your email because it did not have them in 1986. Now, copies of your private email remain stored in the cloud for years by third-party service providers (Google, Facebook, Dropbox, etc.)

Privacy and civil liberty advocates have been trying for years to update ECPA. Last year, the U.S. House passed the Email Privacy Act, which would codify the rule set out in 2008’s Sixth Circuit case Warshak v. United States: The government must obtain a warrant before they could seek to compel an ISP or other service providers to hand over a person’s private messages. This year, the Email Privacy Act is part of the House version of the National Defense Authorization Act, a must-pass bill. But the Senate has its own version of the NDAA and it’s unknown whether the privacy legislation will be part of it. Read more »

Two Florida detectives tried to use a dead man’s fingerprints to unlock his phone, the Tampa Bay Times reported, and that act raised privacy questions.

Linus F. Phillip “was shot and killed [by a Largo, Fla., police officer] March 23 at a Wawa gas station after police said he tried to drive away when an officer was about to search him,” the Times reported. Later, two detectives came to the Sylvan Abbey Funeral Home in Clearwater with Phillip’s phone, according to Phillip’s fiancee, Victoria Armstrong. “They were taken to Phillip’s corpse. Then, they tried to unlock the phone by holding the body’s hands up to the phone’s fingerprint sensor,” the Times reported.

Phillip’s fiancee is upset. She was not notified that the detectives would be coming to the funeral home, and the police did not get a warrant for their actions.

Although the detectives’ actions have been criticized as unethical, they are legal because dead people have fewer rights than the living, especially concerning privacy and search and seizure. The courts have split on whether living defendants can be forced to use biometrics such as fingerprints or facial scans to unlock their mobile devices. (Another difference from the Phillips case is that these court cases involved warrants.) Read more »

Recently, an Australian student publicized that Strava, a fitness app, had published online a Global Heat Map that “uses satellite information to map the locations and movements of subscribers to the company’s fitness service over a two-year period, by illuminating areas of activity,” according to the Washington Post. Strava “allows millions of users to time and map their workouts and to post them online for friends to see, and it can track their movements at other times,” the New York Times reports.

The data, culled from Strava’s 27 million users (who own Fitbits and other wearable fitness devices), is not updated in real-time. Yet the map still raised privacy and security questions for Strava’s users.

A similar case in 2011 concerning wearable device Fitbit also raised privacy questions about searchable fitness data. There was an uproar over Fitbit’s privacy settings when people who were logging their sexual activity as a form of exercise learned that the data was showing up in Google searches. And in 2014, Jawbone faced criticism after it published data about how many people wearing its fitness tracker woke up during an earthquake in Northern California. People questioned whether Jawbone’s privacy and data-sharing policies had disclosed such use of their health data.

Fitness devices, including smartwatches, and mobile health or wellness apps are used by tens of millions of people worldwide. There are many such apps available in Apple’s and Google’s app stores. The data gathered can reveal much personal information about individuals. In the case of Strava, you could track patterns of activity over the two years’ worth of data. Read more »

In 2013, a man stole the name and Social Security Number of a child who died soon after his birth in 1974. “His new, clean record helped [Shawn] Gover got a job in 2016 as head of finances for a golf club in Powhatan, Va. Then he stole $33,557. The fake identity also helped him buy a Sig Sauer semiautomatic pistol despite his felony conviction,” the Washington Post reports. Recently, Gover, 47, was caught and recently sentenced to four years in prison on firearms and identity theft charges. Unfortunately, the theft of a child’s identity, and its use to facilitate fraud or other crimes, is not uncommon. And it can be easy to find and buy the SSNs. Researchers at Terbium Labs recently discovered a cache of children’s SSNs for sale online.

From the moment an infant receives her Social Security Number in the weeks after her birth, she is vulnerable to identity theft. Such thefts can be undetected for years, until a young adult attempts to apply for student or car loans or a credit card and learns someone has been using his name and SSN for years. (Identity theft is common for all ages, according to federal statistics. The latest figures from the Bureau of Justice Statistics found, “An estimated 17.6 million persons, or about 7 percent of U.S. residents age 16 or older, were victims of at least one incident of identity theft in 2014.”)

In a 2011 child identity theft report, Carnegie Mellon University’s CyLab found: “4,311 or 10.2% of the children in the report had someone else using their Social Security number – 51 times higher than the 0.2% rate for adults in the same population.” And: “The youngest victim was five months old; 303 victims were under the age of five.” The report “is based on identity protection scans on 42,232 children (age 18 and under) in the U.S during 2009-2010. This pool of 42,232 child identities includes everyone under 18 in a database of over 800,000 identity records.” And credit-reporting agency Experian has said it ^“handles 25,000-30,000 fraud cases each year and approximately 17% were targeted at children. According to Michael Bruemmer, Vice President of Consumer Protection for Experian, child identity fraud or theft will affect 25% of kids before turning 18.” Read more »

International Data Privacy Day is Sunday. There are a variety of events occurring this week to celebrate. Visit the official site to find events near your area. Take the time to think about how privacy is important in your life and how you can protect your rights from being infringed upon. Please also donate to any number of organizations out there trying to protect your privacy rights.

Today is Giving Tuesday, and here are a few consumer, privacy, and civil liberty groups that could use donations to continue to fight for your rights: ACLU national (or give to your local chapter), Center for Digital Democracy, Consumers Union, Electronic Frontier Foundation, Electronic Privacy Information Center, Privacy International, and the World Privacy Forum.