Wednesday, May 26, 2010

Congressmen Question Google on Wi-Fi

Today, Congressmen Joe Barton (R-TX), Edward Markey (D-MA), and Henry Waxman (D-CA)wrote to Google Chairman and CEO Eric Schmidt seeking answers to the company’s collection of private information over Wi-Fi networks.

“We are concerned that Google did not disclose until long after the fact that consumers’ Internet use was being recorded, analyzed and perhaps profiled. In addition, we are concerned about the completeness and accuracy of Google’s public explanations about this matter,” wrote the lawmakers. “For example, on April 27, 2010, a Google blog post contained inaccurate information about whether payload data was collected. However, a Google executive on May 14, 2010, admitted in Google’s official blog that the company had ‘been mistakenly collecting samples of payload data from open (i.e., non-password-protected) Wi-Fi networks.’”

Barton and Markey, co-chairmen of the House Privacy Caucus, separately wrote last week to Federal Trade Commission Chairman Jon Liebowitz about Google’s recent revelation that it gathered the network information.

The lawmakers asked Schmidt to respond to the following questions:

What percentage of United States roads have been documented for Google Street View?

Over what time period did the collection of information for Google Street View take place or, if roads are visited by Google Street View vehicles more than once, what is the schedule for return visits to roads?

Have all Street View vehicles documenting United States roads been engaged in the monitoring or data collection of Wi-Fi transmissions at all times during those activities? If the answer is no, please explain in detail in what communities the monitoring or data collection was conducted and the reasons that these communities were chosen for monitoring or data collection.

How many Wi-Fi networks across the country have been logged since Google began its Street View program? How many consumers were subject to the data collection?

Was any notification of this monitoring and data collection made to affected communities prior to deploying Street View vehicles, and was consent sought from consumers? If so, please explain the notice and consent procedures involved. If not, please explain why this was not done.

Has Google at any time conducted a legal analysis regarding the applicability of consumer privacy laws on the monitoring and data collection of Wi-Fi transmissions? If so, please provide a copy of this analysis.

Please explain why Google chose to collect the data and how it intended to use the data.

What is the status of the consumer data collected? Has it been analyzed and used in any way? Does Google have plans to use it in the future? Please explain in detail.

Has the collected data been destroyed? If yes, when and by which method(s)? If not, why not?

What is the status of Google’s internal review of Street View’s monitoring and data collection practices to ensure adequate controls? What is the methodology? When did the review start? Who is conducting the review? Are there any interim findings? When is it expected to be completed? Will the review, or portions of it, be made available to the public?

What is Google’s process to ensure that data collection associated with new products and services offered by the company is adequately controlled?

Has Google asked a third party to review the software at issue? If so, who is the third party, and what is the nature of the review?

A copy of the letter to Schmidt can be found here. A copy of the letter to the FTC on the Google can be found here.

Monday, May 24, 2010

Red Flags Rule Compliance Date Approaching - American Medical Association Sues

It’s been a while since we have visited the Federal Trade Commission’s Red Flags Rule here in this blog. The oft-postponed deadline is now fast approaching on June 1. Except, that is, for lawyers and now, doctors.

On Friday, the American Medical Association filed a lawsuit against the FTC for defining physicians as “creditors” and claiming that requiring physicians to comply with the Red Flags Rule could jeopardize the doctor-patient confidential relationship. The Red Flags Rule (to refresh your memory) requires that “creditors” establish identity theft protection programs and would likely require physicians to obtain positive identification of patient identity – before providing treatment, as argued by the AMA.

The lawsuit argues that the FTC acted beyond its authority because physicians are not creditors and patients are neither accountholders nor customers under the Fair and Accurate Credit Transactions Act (FACTA). The latter is a more likely argument than the former. Under FACTA, an “entity that regularly defers payment for goods or services” can be considered to be a creditor and physicians routinely bill patients after the completion of services, including for the remainder of medical fees not reimbursed by insurance. I have been in doctor’s offices over the last 6 months where new patients are asked for their insurance card, and their driver’s license or a photo ID. This would seem to be a small step towards controlling medical identity theft.

Read about medical identity theft at World Privacy Forum Medical Identity Theft Page

Thursday, May 13, 2010

Facebook Holding Privacy Summit

As a follow-on to yesterday's posts regarding the public face of the Facebook privacy brouhaha, at this hour Facebook is holding an “all-hands” meeting to discuss the company’s overall privacy strategy. PC World suggests that perhaps today’s company meeting is the beginning of Facebook's effort to improve user guidance on issues of sharing and privacy, or maybe the company is considering a roll back of new features. Stay tuned.

Related links:

GigaOM » Facebook Needs to Find Its Voice on Privacy
Facebook's Eroding Privacy Policy: A Timeline Electronic Frontier Foundation

Wednesday, May 12, 2010

The back-and-forth on Facebook's privacy travails

Whether the terse discussions in the public arena over Facebook’s privacy “changes” demonstrate that the world’s largest social network is playing fast and loose with the truth about its internal controls on user privacy, or whether it is just an example of poor corporate communication of policies to end users is still a matter of debate. See Glitch Brings New Worries About Facebook’s Privacy - NYTimes.com.

Last week, the author of the Times’ technology blog Bits invited readers to submit questions for Facebook's vice president for public policy, Elliot Schrage. She probably got more than she (or Schrage) expected – in fact, over 300 of them. Schrage’s response is published in today’s blog entry: Facebook Executive Answers Reader Questions - Bits Blog - NYTimes.com.

For a completely different view of Mr. Schrage’s comments, I found Catharine Taylor’s post at Social Media Insider to raise some important questions.

Two privacy issues from North of the Border

Ann Cavoukian, Ontario’s information and privacy commissioner, has issued her 2009 Annual Report, entitled “Access & Privacy, A Time for Innovation.” One of Cavoukian’s main subjects this year is the smart grid and the associated privacy issues, including the collection of knowledge about personal habits via “smart” appliances communicating with the grid. Cavoukian is a thought leader in building privacy into processes and controls and we’ve blogged about some of her writings in past issues. Her latest publication is worth consideration as we move further along with technological development – and before the grid becomes too smart.

Related link:
Smart grid data must be protected: Privacy czar - thestar.com

And, Canada’s Assistant Privacy Commissioner is expressing concerns about the U.S. Secure Flight Program that will complete implementation and be fully operational by December. Under the program, passengers of any nationality who raise suspicions of U.S. authorities can be prevented from boarding flights that fly over U.S. airspace. Chantal Bernier told the Canadian Parliament yesterday that there is little Canada can do about it except urge the U.S. government to address extremely long data retention periods and other privacy concerns of Canadians. Under the program, Homeland Security may retain information collected (including name, birth date, flight information, itinerary and passport number) for periods ranging from a week up to 99 years.

Related link:
Vancouver Sun

Thursday, May 6, 2010

Privacy Events Calendar

Symposium on Privacy and Innovation

Tomorrow
, the Commerce Department is hosting a day-long symposium called “A Dialogue on Privacy and Innovation.” It will include several panel discussions to discuss stakeholder views and to facilitate further public discussion on privacy policy in the United States. The event will seek participation and comment from all Internet stakeholders, including the commercial, academic, and civil society sectors, on the impact of current privacy laws in the United States and around the world on the pace of innovation in the information economy. The event will be webcast at
http://www.ntia.doc.gov/InternetPolicyTaskForce/privacy/webcast.html

This Symposium is related to Commerce’s ongoing Notice of Inquiry seeking comment on the impact of current privacy laws in the United States and around the world on the pace of innovation in the internet economy. The Notice of Inquiry is at Internet Policy Task Force and comments are due June 7, 2010.


Roundtable on COPPA

FTC has announced that it will host a public roundtable on June 2, 2010, to examine whether technology changes warrant revisions to the Children’s Online Privacy Protection Rule. The Rule was enacted in 2000 and requires website operators to obtain parental consent before collecting, using, or disclosing personal information from children under the age of 13. Topics will include whether the Rule should be applied to emerging media, a potential expansion of the Rule to cover additional types of information, and the review of the verification methods used by websites. The roundtable will be held at the FTC Conference Center at 601 New Jersey Avenue, NW in Washington, DC. It is free and open to the public. No advanced registration is required

20th Annual CFP Conference

The 20th Conference on Computers, Freedom, and Privacy will be held on June 15-18 in San Jose, CA. Keynote speakers include Peter Cullen of Microsoft and David Drummond of Google. "Hot topics" sessions covering the latest news in freedom, privacy, and networks, and CFP's first "Unconference". Other highlights include sessions focusing on consumer advocacy, human rights, business perspectives, and cutting-edge intersections between technology and policy.

Monday, May 3, 2010

Welcome to the Privacy Revolution

This is "Choose Privacy Week" – an initiative by the American Library Association to raise awareness about sharing information online. The Association has launched a new website, Privacy Revolution, offering tips for educators and parents on ways to address privacy concerns with children.

One sure way not to raise the issue was demonstrated by a principal in Ridgewood, New Jersey last week. According to a post by Christopher Dawson in ZDNet Education IT, principal Anthony Orsini sent parents an email strongly urging them to take the role of cyberpolice with their middle school children, because “…there is absolutely, positively no reason for any middle school student to be a part of a social networking site! None.” Raising the consciousness of parents to the risks and dangers inherent in social networking and encouraging discussion at home is one thing. This is on an entirely different level.

Related links:
New Jersey principal deputizes parents as cyber police Education IT ZDNet.comALA Launches Choose Privacy Week - 5/3/2010 - School Library Journal

Sunday, May 2, 2010

OT -- Emergency Response 2.0 : Solutions to Respond to Oil Spill in the Gulf of Mexico

Off the privacy topic, but certainly an issue of national security. Mintz Levin client, InnoCentive, is crowdsourcing a solution to respond to the oil spill in the Gulf of Mexico. Over 250 people are currently working on the challenge posted to the site (link below) -- pass this on and get the collective wisdoms of the crowd moving!!

Emergency Response 2.0 : Solutions to Respond to Oil Spill in the Gulf of Mexico