Monthly Archives: November 2013

Europe Misdirects Rage on the US Safe Harbor

This morning, the European Commission released its report on the state of the US-EU Safe Harbor, a mechanism that provides for international data transfers, proposing a series of recommendations designed “to restore trust in data flows between the EU and the U.S.”  Europeans have long been critical of the Safe Harbor — and America’s free-wheeling attitude toward privacy in general — but the Summer of Snowden provided a perfect pretext to “reconsider” the efficacy of the Safe Harbor.

America’s hodgepodge or “sectoral” approach to privacy has increasingly placed U.S. officials on the defensive, and there’s no question the Safe Harbor can be improved.  However, conflating Safe Harbor reform with justified anger about expansive NSA snooping is counterproductive.  First and foremost, while public and private data sharing is increasingly intermingled, government access to data is not the same as commercial data use.  The Safe Harbor was explicitly designed to protect the commercial privacy interests of EU citizens.

It was not created to address national security issues, and the Safe Harbor specifically provides an exception from its requirements “to the extent necessary to meet national security, public interest, or law enforcement requirements.”  As FTC Commissioner Julie Brill has noted, national security exceptions to legal regimes are not unusual.  For example, the HIPAA Privacy Rule permits the disclosure of private health information in the interest of national security, and even the EU’s stringent Data Protection Directive includes an exception for state security or defense.

Read More…

From Collected Criticism to “Slamming” an Attorney General

Last Friday, I helped draft a few thoughts on behalf of the Future of Privacy Forum regarding the New York Attorney General’s efforts to subpoena information from 15,000 Airbnb users in New York City.  We wondered about the breadth of the AG’s request, and suggested only that “wide grabs of consumer data by well-meaning regulators can have a serious impact on consumer privacy.”

Later that day, Kaja Whitehouse of the New York Post declared that FPF had “slammed” the AG, proceeding to pull some line from our “open letter” to suggest FPF was far more critical of AG than it intended–or certainly I intended.  Another victory for overstrong rhetoric against even-keeled moderation!

Ephemeral Communication and the Frankly App Podcast

My former coworker was utterly enamored with Snapchat, on the grounds that she liked being able to express herself in ways that were not permanent.  In terms of our interpersonal relationships, it used to be that only diamonds were forever — now most of our text messages are, too.

Should a simple text last forever?  Last week, I reached out to Frankly, a new text-messaging app that provides for self-destructing texts, to talk about the development of the app and the future of ephemeral communication.

Click on the media player above to listen, or download the complete podcast MP3 here.

Sen. Markey’s Drone Aircraft Privacy and Transparency Act Summarized

On Monday, Sen. Markey introduced legislation designed to expand legal safeguards to protect individual privacy from invasion by commercial and government use of drones. The bill amends the FAA Modernization and Reform Act of 2012, which directed the FAA to integrate unmanned aircraft systems (UAS) into U.S. airspace by October 2015. The law, however, was silent as to the transparency and privacy implications of domestic drone use. Under pressure from advocacy groups and Congress, the FAA solicited public comment about potential privacy and civil liberties issues during its UAS test site selection process, ultimately suggesting only that UAS privacy policies “should be informed by the Fair Information Practice Principles.”

This section-by-section summary looks at how Sen. Markey’s bill would amend current law to establish national guidelines for domestic drone use.

Sec. 1 – Short Title

Drone Aircraft Privacy and Transparency Act of 2013

Sec. 2 –  Findings

The bill notes that the FAA projects that 30,000 drones could be in sky above the United States by 2020, and further, that current law provides for no explicit privacy protections or public transparency measures with regards to drone use by public or private entities.

Sec. 3 –  Guidance and Limitations for UAS

The major substance of this section details new requirements for data collection statements by commercial drone operators and data minimization statements by law enforcement. The bill’s provisions with regards to law enforcement appear to bolster significantly Fourth Amendment privacy protections. Agencies would be subject to a warrant requirement for any generalized drone surveillance absent exigent circumstances, such as (1) imminent danger of death or serious injury or (2) DHS has determined credible intelligence points to a high risk of terrorist attack. Moreover, any information collected that was unrelated to a potential exigency is required to be destroyed.

While these provide practical, procedural limitations on surveillance, the bill also forces law enforcement to consider how they plan to use drones prior to their implementation. Law enforcement offices will be required to file an explanation about any policies adopted to minimize the collection of data unrelated to a warrant-requirement, how excess data will be destroyed, and detailing any audit or oversight mechanisms. By making licenses contingent on these statements, the bill may encourage careful consideration of privacy challenges before law enforcement begins broad use of drones.

For commercial operators, the bill would prohibit the FAA from issuing licences without a statement that provides information about who will operate the drone, where the drone will be flown, what data will be collected and how that data will be used, including information about whether any information will be sold to third parties, the period for which information will be retained, and contact information to receive complaints. Depending upon how onerous these statement requirements become, this section may present some First Amendment challenges, particularly public efforts to advance newsgathering and the free flow of information.

The FAA would be charged with creating a publicly searchable website that would list all approved drone licenses, including copies of data collection or minimization statements, any data security breaches, and details about the time and location of all drone flights.

This section also calls for the Departments of Homeland Security, Commerce, and Transportation and the FTC to conduct a study to identify any potential challenges presented by drones to the OECD privacy guidelines. It would also require the current UAS rulemaking underway to take those privacy guidelines into consideration.

Sec. 4 – Enforcement

The section provides for concurrent enforcement by state authorities and the Federal Trade Commission under its Section 5 authority. It also allows for a private right of action for violations of either an entity’s data collection or data minimization statement. Remedies include equitable relief, and the greater of actual monetary damages or statutory damages of up to $1,000 for each violation.

Sec. 5 – Model Aircraft Provision

Finally, the bill provides for an exception for model aircraft.

***

Sen. Markey introduced a largely identical version of the Drone Aircraft Privacy and Transparency Act of 2013 earlier this year as a member of the House of Representative, and last year, as well.

Idealism Lost: From The West Wing to Scandal

Televised depictions of the cities in which I’ve lived have always captured my imagination — Law & Order gave me a taste of New York City long before I’d ever set foot in that city and David E. Kelley made Boston seem like it was full of diabolical whackos —  but the way Washington, D.C., is drawn on the small screen goes a long way toward justifying why I find this city so compelling.

Read More…

 Scroll to top