Privacy

MGMT 661 - Summer 2012, Dannelly

Night 3, Lecture Part 2

Outline for Tonight

Legal Topics - Part 1
  SPAM
  Software Warranties
  Software Copyrights and Patents
  Intellectual Property Laws

Privacy - Part 2
  privacy from your employer
  privacy from businesses
  privacy from the government

Initial Questions

Is privacy a right?

  inalienable right? e.g. life, liberty, pursuit of happiness

  legal (civil) right? e.g. right to vote, no taxation without representation

  not a right

What do privacy rights have to do with business?

Types of Privacy

Freedom from Unwarranted Intrusion

Freedom from Interference in One's Personal Affairs

Control over the Flow of Personal Information

Tech's Impact on Privacy

duration of data storage

variety of data that can be shared

amount of data gathered

speed of data movement

Workplace Privacy

you don't have many workplace privacy rights

City of Ontario, California v. Quon et al.
  US Supreme Court, June 17, 2010
  supervisors of public employees can read their employees' text messages on government-issued devices

Is online shopping different from in-store shopping?

Q: Does online shopping give you more or less privacy?
  more privacy - your neighbors will not see you
  less privacy - online shopping gives the company much more info about you

Q: Is the data the company gathers different?
  online, they know every item you looked at, how long you spent looking, etc.

Sources of Personal Data
  phone book
  public records
  credit card statements
  web cookies
  rewards programs
  spyware
  TiVo
  RFID
  …

Data Mining

definition: searching through databases to discover patterns and relationships

usually used for prediction

example:
  company XYZ operates toll booths and collects data about which car IDs pass and when
  company ABC buys XYZ's data and data from credit card companies
  ABC now knows the addresses of frequent drivers along with credit limits
  ABC sells this secondary data to banks
  "We see that your car has 100,000 miles. Need a car loan?"

Info Security

How safe is that cookie data?

Example: Toysmart.com
  privacy statement said that the personal info of users would not be sold or exchanged
  the company went bankrupt in 2000
  Toysmart sold its assets, including the customer database

DoubleClick.com

gathers data from cookies from banners placed on a large number of web sites

DC can cross-reference data to build profiles of individual users

cookie data can be used to manage which ads individuals see and how many times the ads are seen. For example, using frequency capping, as I surf from website to website they can make sure I only see the same car ad 10 times per day

In 1999, DC announced that it planned to purchase Abacus Direct for $1.7B, a consumer database company containing the names, addresses, phone numbers, etc. of 90% of American households.

Google bought DoubleClick for $3.1B in cash in April 2007.
  Congress held hearings to investigate the privacy and monopoly implications of the merger
  Microsoft complained about this creating a monopoly
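
The cookie mechanics on the DoubleClick slide, as an added example that is not part of the original lecture: a toy ad server issues one cookie ID per browser, links that ID across every site carrying its banner, and enforces the 10-per-day frequency cap. The class, site names, ad names and dates are constructed for illustration.

```python
from collections import defaultdict

FREQUENCY_CAP = 10  # the slide's figure: the same ad at most 10 times per day


class AdServer:
    """Toy third-party ad server keyed on one cookie ID per browser (constructed)."""

    def __init__(self, cap=FREQUENCY_CAP):
        self.cap = cap
        self.next_id = 1
        self.sites_seen = defaultdict(list)  # cookie ID -> sites that carried the banner
        self.impressions = defaultdict(int)  # (cookie ID, day, ad) -> times shown

    def serve_banner(self, cookie_id, site, day, ads):
        """Handle one banner request and return (cookie_id, ad shown or None)."""
        if cookie_id is None:  # browser has no cookie yet: issue an identifier
            cookie_id = f"uid-{self.next_id}"
            self.next_id += 1
        # The same cookie returns from every site carrying the banner,
        # which is what lets separate visits be joined into one profile.
        if site not in self.sites_seen[cookie_id]:
            self.sites_seen[cookie_id].append(site)
        for ad in ads:  # ads listed in order of preference
            key = (cookie_id, day, ad)
            if self.impressions[key] < self.cap:
                self.impressions[key] += 1
                return cookie_id, ad
        return cookie_id, None  # every candidate ad has hit its cap today

    def profile(self, cookie_id):
        return list(self.sites_seen.get(cookie_id, []))


SITES = ["news.example", "sports.example", "recipes.example"]  # constructed


def simulate(requests=12, day="2012-07-01"):
    """One browser loads `requests` pages spread over three unrelated sites."""
    server, cookie, shown = AdServer(), None, []
    for i in range(requests):
        cookie, ad = server.serve_banner(cookie, SITES[i % 3], day, ["car-ad", "house-ad"])
        shown.append(ad)
    return server, cookie, shown


if __name__ == "__main__":
    server, cookie, shown = simulate()
    print(cookie, shown.count("car-ad"), server.profile(cookie))
```

Both the cap and the cross-site profile hang on the cookie ID: a browser that arrives without the cookie is treated as a new user with an empty profile and a fresh count.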

ChoicePoint to pay $15M to settle charges

The data warehouser will settle charges that it failed to protect consumers' personal financial information, the FTC says.

January 26, 2006

WASHINGTON (Reuters) - ChoicePoint Inc. has agreed to pay $15 million to settle charges that it failed to adequately protect consumers' personal financial information, the Federal Trade Commission said Thursday.

The company has agreed to pay a $10 million civil penalty, provide $5 million to compensate consumers, and take steps to better safeguard personal information so it is used only for legitimate purposes, the agency said.

The company last year admitted that more than 163,000 personal records had been compromised, the agency said.

The FTC charged ChoicePoint illegally gave credit histories to people who were not authorized to obtain them and failed to have reasonable procedures to verify the identities of those who requested the information and how the data was to be used.

The company also made false and misleading statements about its privacy policies, the FTC charged.

Is your right to privacy protected by the U.S. Constitution?

No. Well, maybe. ...

1st Amendment
  Congress shall make no law respecting an establishment of religion, or prohibiting the free exercise thereof; or abridging the freedom of speech, or of the press; or …

14th Amendment
  No State shall deprive any person of life, liberty, or property, without due process of law.

9th Amendment
  The enumeration in the Constitution, of certain rights, shall not be construed to deny or disparage others retained by the people.

4th Amendment
  The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

Katz v United States

without a warrant, police placed a bug on the outside of a public phone booth used by Katz to make illegal bets

In 1967, the US Supreme Court ruled Katz's rights were violated.
  Katz reasonably thought his conversation was private, hence the recording was an illegal search and seizure
  the 4th amendment protects people, not places
  the 4th amendment governs seizure of tangible items, as well as recording of oral statements

Electronic Communications Privacy Act

enacted in 1986

ECPA was an amendment to Title III of the Omnibus Crime Control and Safe Streets Act of 1968, which was primarily designed to prevent unauthorized government access to private electronic communications.

Title I of ECPA protects electronic communications while in transit.

Title II of the ECPA protects messages stored on computers.

Title III prohibits the use of pen register and/or trap and trace devices to record dialing, routing, addressing, and signaling information used in the process of transmitting wire or electronic communications.

http://en.wikipedia.org/wiki/Electronic_Communications_Privacy_Act

NSA and FISA

Foreign Intelligence Surveillance Act of 1978 (FISA)

warrant required within 72 hours if "US person" involved

amended by Patriot Act in 2001 to include terrorism

warrantless wiretaps of US citizens ended in 2007

replaced by Protect America Act of 2007, which expired

replaced by FISA Amendments Act of 2008
  granted immunity to telecoms that had helped the NSA

Patriot Act

allows officials to track emails without showing probable cause

allows roving surveillance for intelligence (not just crime investigation), tapped device does not have to be owned by the suspect

search warrants no longer have to be served

warrants for records do not require probable cause

…

Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism (USA PATRIOT)

Summary of Privacy

http://imaginingtheinternet.wordpress.com/2011/04/25/opening-up-the-privacy-of-cyberspace/