Privacy Cases
News stories abound with cases of privacy litigation and compromises. The laws are still being defined, and it's the Wild West when it comes to prosecution. One major topic being debated by courts throughout the U.S. is whether public court records detailing child abuse, financial records, or medical information should be posted on the Internet. Rules governing electronic publication of documents in civil and criminal cases are being defined and debated. A panel of state court administrators will propose national guidelines that try to balance the public's right to know against an individual's right to privacy. Each state currently decides whether to post court documents online and whether to withhold some information that is otherwise available to the public at courthouses. Los Angeles Superior Court Judge Kathleen Kennedy-Powell said online posting of information as seemingly non-controversial as traffic citations could enable the spouse of a domestic violence victim to discover the person's new address.
The government is also finding it difficult to define the line of where they have power to enforce laws and self-regulation. In one case, the FTC found it “likely” that Amazon and its subsidiary, Alexa, illegally deceived customers about their data collection practices. However, the FTC did not take any punitive action. Alexa produces a Web browser plug-in that helps users find Web sites that match their interests. The FTC started investigating the company in response to complaints that Alexa sometimes captured personal information such as street and e-mail addresses. Its privacy policy said all data collected “remains anonymous,” but Alexa had changed its privacy policy to describe in more detail what types of data it collects. The FTC cited a number of reasons for not going after Amazon. Because the case was brought forth, Alexa has changed its practice and modified the policy.
Few laws address what a company can and can't do with information collected online. The FTC has taken on the burden of protecting online privacy. The problem is the FTC doesn't have the power to enforce self-regulation or even some laws that are passed. “The agency's jurisdiction is (over) deception,” stated Lee Peeler, the FTC's associate director for advertising practices. “If a practice isn't deceptive, we can't prohibit them from collecting information. The agency doesn't have the jurisdiction to enforce privacy. It has the authority to challenge deceptive practices.” The lack of government enforcement will continue until laws have clearly defined what is legal versus illegal.
In another case of invasion of privacy, the Supreme Court said a radio host can't be sued for airing an illegally taped telephone conversation. The cases are Bartnicki vs. Vopper, 99-1687, and U.S. vs. Vopper, 99-1728. In a 6–3 vote, the court said the First Amendment supercedes wiretap laws in the case of the host who played a recording made by someone else. “A stranger's illegal conduct does not suffice to remove the First Amendment shield from speech about a matter of public concern,” said Justice John Paul Stevens. A lower court ruled in favor of a Pennsylvania radio host and others who aired a tape of an intercepted cellular phone call, saying the airing of a public concern was legal in the manner in which the radio host made the information public. In this case, someone's personal cell phone conversation was recorded and aired. Even though the conversation was about illegal matters, the question we face is can any phone conversation be made public? It could set a precedent for further invasion of our privacy. Cell phone conversations can be taped easily, and this case gives some legal precedent for not prosecuting the person eavesdropping on the calls.
The U.S. laws, and U.S. vs. Vopper, 99-1728. seem contradictory on the issue of right to privacy. As companies are facing the issue of how much legal leeway they have in using and abusing your personal information, the laws haven't even begun to come close to defining responsibility for transmission of information. The case of Napster being sued and losing the battle to share copyrighted information is one step toward defining responsibility. (People used Napster to download and share music files.) Even though Napster did not make copies of information itself, it hosted the servers that stored the files, which caused it to lose the case.
The next entity that could possibly face prosecution is the ISP. In the past, ISPs have argued that they are not responsible for data flowing through their systems. So, if a hacker attacks someone from an AOL account, AOL would not be held responsible. ISPs do not cut off people from their service even if they are performing illegal activities. If they were to do that, the ISPs would become the cybercops of the Internet. If the responsibility were placed on the ISPs, they would have to start monitoring your traffic and watching what you do to ensure you are not performing any illegal activities. The Digital Millennium Copyright Act (DMCA) already exempts ISPs from any obligation to monitor their networks for copyright violations and absolves them of liability for transient files. But ISPs are receiving more subpoenas for disclosure of information as more cases are brought to court. AOL processed more than 400 requests last year. Sharing of data in Napster-like fashion will probably develop into peer-to-peer networking, in which consumers can directly trade files between their computers. Peer-to-peer has the advantage of keeping identity information secure. Countries that have more relaxed laws than the U.S. will see an influx of Internet hubs and connectivity to avoid restrictions in countries such as the U.S. and EU.
The “Sex Spam” bill, called the Unsolicited Commercial Electronic Mail Act of 2001, was recently passed by the House Judiciary Committee and seemed like the government was helping us get rid of all spam (junk e-mail) related to sex. What some legitimate businesses that deal in sex-related issues are finding is that it can be illegal for them to operate also. One amendment that was adopted makes the bill apply to all e-mail advertisements related to sex—not just unsolicited ones. Instead of banning sex notes outright, the bill fines companies and doles out a one-year prison term to anyone who e-mails an advertisement relating to sex without including a special advisory to be drafted by the attorney general. This label can enable spammers to get around the intention of the bill, which in effect still subjects consumers to junk e-mails. The inability of consumers to sue breakers of the law further weakens the act. The government is still struggling to understand technology and implement laws that actually safeguard our privacy. Each law that is passed has loopholes to either let our personal information out the door or just outright weakens our rights.
Note
The FOIA has helped advocacy groups gain information about the government invasions of our privacy in the U.S. One newsworthy attack on personal privacy is the DCS1000 program mentioned earlier. The FBI states that DCS1000, which is installed at the facilities of an ISP and can monitor all traffic moving through that ISP, filters data traffic and delivers to investigators only those packets that the FBI is lawfully authorized to obtain. The FBI's compliance with legal requirements is questionable because it has refused to submit some information that was in Electronic Privacy Information Center's (EPIC) FOIA request. The FBI is supposed to detail why it has refused to comply with the request. Monitoring of communications is becoming more pertinent in law enforcement because of the rise in technology crimes, but this places consumer privacy at risk. The Administrative Office of the U.S. Courts released its 2000 Wiretap Report that indicated 60% of wiretaps authorized in 2000 were for wireless devices such as cellular phones and pagers. The report also indicates that 22 investigations encountered encrypted communications, but it did not prevent access to plain text. Wireless devices will be subject to the intense scrutiny the Internet is facing by law enforcement.
Several laws that affect consumer privacy and personal information are as follows:
Electronic Communications Privacy Act of 1986— The ECPA prohibits the unauthorized interception of cellular telephone calls and computer-to-computer transmissions. Violations can result in civil liability of not less than $100 for each day of violation. The protection of the ECPA also extends to unauthorized access or disclosure of stored electronic communications, and violators are liable for damages suffered or forfeiture of profits.
Telecommunications Act of 1996— Under section 702, customer proprietary network information (CPNI) can't be used for any purpose other than to provide telecommunications services. Suits can be filed to recover damages. Carriers can use customer information to provide telecommunications service, including the publication of subscriber directories; provide customer information to others at the written request of the customer; and provide customer information in aggregate form. The act also allows telecommunications carriers an exception to use customer information: to initiate, render, bill, and collect for their services; to protect against fraudulent, abusive, or illegal conduct; and to provide telemarketing, referral, or administrative services during a call initiated by the customer.
Consumer Credit Reporting Reform Act of 1996— The 1996 Act amends the Fair Credit Reporting Act of 1970 (FCRA) to require improved notice and right of access for credit reporting subjects. The Reform Act imposes new restrictions on resellers of consumer credit reports. Suits can be filed to recover damages and attorneys' fees. States have taken action to include bank records, cable television subscriptions, credit reports, employment records, government records, genetic information and medical records, insurance records, school records, electronic communications, and video rentals.