Here are a few stories published during my break about court cases concerning cellphone location data, targeted behavioral advertising and privacy.
Ars Technica: Judge says warrant required for cell phone location data
In recent years, the courts have struggled to decide whether the government needs a warrant to access historical records about a cell phone user’s location. Some courts have found that when users turn on their cell phones, they “voluntarily” transmit their location to their cell phone providers and thereby waive any expectation of privacy.
On Monday, Judge Nicholas Garaufis of the Eastern District of New York soundly rejected this line of reasoning. The federal government had asked the courts to order Verizon Wireless to turn over 113 days of location data about a suspect’s cell phone. It did so under a provision of the Stored Communications Act that only requires law enforcement to show that the records are “relevant and material to an ongoing criminal investigation.”
Does the government violate the Constitution when it obtains location data without meeting the Fourth Amendment’s “probable cause” standard? Some courts have found that it does not. But in a 22-page opinion, Judge Garaufis analyzed and rejected these other courts’ arguments, holding that law enforcement needs a warrant to obtain months of location data. […]
[Judge Garaufis ruled] that the distinction between content and non-content information didn’t make sense in this context. “There is no meaningful Fourth Amendment distinction between content and other forms of information, the disclosure of which to the Government would be equally intrusive and reveal information society values as private,” he wrote.
Instead, he offered two reasons to think the Fourth Amendment protects cell phone location data. First, the third-party doctrine should not apply to “widely used communication technologies in which service-provider intermediaries receive and store private user information incident to the service.”
And second, “established normative privacy considerations support the conclusion that the reasonable expectation of privacy is preserved here.” In other words, when a user signs up for a cell phone, he’s not consenting to his cell phone provider disclosing a complete record of his movements to the government.
As rapidly evolving technological advances allow people to be tracked by global positioning devices found in most new cellphones, Congress and courthouses nationwide are trying to balance privacy rights with the needs of law enforcement to locate criminals.
Maryland U.S. District Judge Susan K. Gauvey recently refused to issue a warrant sought by federal authorities to find a suspect through his cellphone’s GPS data, saying the government was trying to use technology in a new way — “not to collect evidence of a crime, but solely to locate a charged defendant.” […]
In Baltimore’s federal court, Gauvey conceded in a 139-page ruling that “to some, this use would appear reasonable, even commendable and efficient.” But, the judge wrote, “To others, this use of location data by law enforcement would appear chillingly invasive and unnecessary in the apprehension of defendants.”
The American Civil Liberties Union questions how the GPS data is being used by police. The group said last week that police in Michigan sought information for every mobile phone near a planned labor protest, and that Sprint, in just over a year, received 8 million requests from police for global positioning data. The Maryland ACLU chapter is not among [three dozen ACLU affiliates around the country who filed public information requests recently with local police agencies seeking statistics on how often GPS data is sought, how it’s used and how it’s stored.]
Computerworld: Lawsuit accuses comScore of extensive privacy violations
A proposed class-action lawsuit filed in federal court in Chicago on Tuesday accuses online tracking and analytics firm comScore of surreptitiously collecting Social Security numbers, credit card numbers, passwords and other data from consumer systems.
The lawsuit also accuses comScore of a wide range of other misdeeds, including changing security settings and opening backdoors on end-user systems, stealing information from word processing documents, emails and PDFs, redirecting user traffic, and injecting data collection code into browsers and IM (instant messaging) applications.
The suit was filed on behalf of two individuals, one from Illinois and the other from California, who claimed their privacy rights were violated by comScore’s data collection software. It seeks an injunction against the company’s practices and damages for comScore’s alleged violations of the Stored Communications Act, the Computer Fraud and Abuse Act and other statutes. […]
The company offers a range of services designed to allow its customers to track and profile Internet users for audience measurement and targeted advertising purposes.
The software that the company uses to do such tracking is typically downloaded on user systems along with free software products such as screens savers and music sharing software. In other cases, users are encouraged to download the software in exchange for a chance to enter free sweepstakes and similar incentives.
The lawsuit characterized comScore’s software as intrusive surveillance tools that allowed the company to monitor every keystroke and every action taken by a user on the Internet. To collect data, comScore’s software modifies a computer’s firewall settings, redirects Internet traffic, and can be upgraded and controlled remotely, the complaint alleges.