Highway Surveillance Bill Passes House in RI

Legislation, Police, Surveillance

In a state whose largest city recently passed a sweeping privacy regulation, a new bill expanding police surveillance of license plates has passed the state’s House. The objective is to catch uninsured out-of-state motorists driving on RI highways and fine them up to $120. The bill’s sponsor, Robert Jacquard (D-Cranston), says that each license plate scanned by highway cameras will be erased in one minute following review by law enforcement, though many questions remain about the storage and sharing of this location data. Jacquard sees this technology as simply an extension of red-light cameras that already use automatic license plate recognition (ALPR). However, Rhode Island law enforcement would need to access license plate data from every state to make this work. Privacy groups and some auto insurers stand against this bill, with insurers pointing out the difficulty of getting other states to share personal data about their drivers with Rhode Island.

Sources: ArsTechnica, WPRI.com

Canada’s Supreme Court Strikes Down Clause of Facebook’s Terms of Use

Advertising, Exposure, Legislation, Online privacy, Social Media

A class action suit has been brought against Facebook in Canada. A Vancouver woman initially sued Facebook for featuring her name and photos in “Sponsored Stories” advertising, after she “liked” various company pages. The class action suit covers an estimated 1.8 million residents of British Columbia who had their names or photos used in Facebook’s Sponsored Stories. The suit encountered an initial hurdle in that Facebook’s terms of use include a clause of forum selection and “choice-of-law,” meaning that all disputes against the company must be reviewed in California, where it is headquartered. In a 4-3 decision, the Canada Supreme Court found that the clause is not enforceable in Canada. The ruling clears the way for the privacy case to now be tried in B.C. to evaluate the merits of the claim. The original suit seeks damages from Facebook for violation of the B.C. Privacy Act.

Source: CTV News

EU Proposes to Ban “Backdoors” in Encryption

Encryption, Legislation, Online privacy, Regulation, Smartphones

The European Commission has drafted amendments to the 2002 ePrivacy regulations that would ban the creation of backdoors for reading encrypted communications. This is a win for privacy in light of widespread calls by law enforcement and governments to establish access to end-to-end encrypted (E2EE) messages, most recently by the UK (for Signal and WhatsApp, which use E2EE).

The draft proposal, which would outlaw backdoor encryption, states:

Member states shall not impose any obligations on electronic communications service providers that would result in the weakening of the security and encryption of their networks and services.

Also,

…when encryption of electronic communications data is used, decryption, reverse engineering or monitoring of such communications shall be prohibited…

The proposed amendments are more in line with the new General Data Protection Regulation (GDPR), but will have to pass through the European parliament and European council to go into effect.

Source: The Guardian

California Broadband Internet Privacy Act, AB 375, Introduced

Advertising, Legislation, Online privacy, Regulation

As a response to the repeal of FCC broadband privacy rules in April 2017, CA Assemblymember Ed Chau (D-Monterey Park) has introduced the California Broadband Internet Privacy Act, or AB 375. This bill is modeled after the FCC’s regulations and includes an “Ask Me First” principle, requiring Internet Service Providers (ISPs) to only use, sell, or share identifiable customer data if the customer opts in. Such information includes internet browsing history, downloaded applications, and time spent on each site. AB 375 would also prohibit any ISP practices that would require customers to pay more for their privacy or penalize those who did not consent to share their data. Eighteen other states, including Oregon, have already introduced similar bills to protect internet data privacy following the Congressional repeal of the FCC rules. At least 25 consumer, privacy, and labor advocacy groups are endorsing this bill, including the ACLU of CA, EFF, and the Privacy Rights Clearinghouse.

Sources: The Recorder, Consumer Federation of California

100 Years Under the Espionage Act

Exposure, Legislation

Yesterday marked 100 years since the Espionage Act was passed on June 15, 1917. This law was created amid the widespread xenophobic and anti-immigrant sentiment that shrouded World War I. Its purpose was to tackle draft evasion and anti-state activity that was seen as subversive to American democracy. The law was upheld in 1919 in Schenck v. United States, in which it was ruled that mailing anti-draft letters is not protected by the First Amendment. This was upheld again in Debs v. United States (1919), after which Eugene V. Debs, a Socialist Party leader, protested involvement in WWI during a speech and was found guilty of violating the act. The Espionage Act resurfaced in the 40s and 50s during the Red Scare, in which it was used to suppress communist and left-wing influences. Most recently, the Espionage Act has been applied to leaking confidential government information and used to prosecute whistleblowers including Daniel Ellsberg, Chelsea Manning, and Edward Snowden. The Justice Department is now looking into prosecuting entities that disseminate documents, such as WikiLeaks or journalistic organizations, in addition to individuals who leak classified information, under the act. Supporting this development, CIA Director Mike Pompeo recently described WikiLeaks as a “non-state hostile intelligence service” which is not protected by the First Amendment.

Source: EFF

Coats Backtracks on Promise to Provide Number of Americans Tracked by NSA

Legislation, Online privacy, Politics, Smartphones, Surveillance

Director of National Intelligence Dan Coats promised at his confirmation hearing to obtain and reveal the number of Americans affected by NSA surveillance. At a hearing this week before the Senate Intelligence Committee, Coats reversed course on this, claiming that it is infeasible to provide such an estimate. He argued that revealing this statistic would potentially violate privacy by verifying subject identities [I don’t follow…]. Section 702 of the Foreign Intelligence Surveillance Act (FISA), which is used to justify “upstream” mass collection of email and phone call data, is set to expire this year. The Trump administration is looking to make this surveillance statute permanent. In a strange twist, NSA Director Mike Rogers argued this week that Section 702 surveillance allowed the NSA to generate “insights” on Russian interference with the 2016 election [what are those insights?].

Sources: ZDNet, Washington Examiner

Providence Passes Sweeping Police Reform

Legislation, Police

Earlier this Spring, I posted about Providence’s visionary Community Safety Act, which included a broad set of police reform measures. As of last Thursday, it passed 13-1 in the Providence City Council! Now called the Community-Police Relations Act, the law enables people to see if they are listed in a gang database, codifies the right to observe/record police activity, and requires police to establish reasonable suspicion of criminal activity before using targeted electronic surveillance. Police may not inquire about immigration status, and are barred from profiling based on race, religion, and gender characteristics. The Fraternal Order of Police has stood against this act, which was drawn together from a widespread coalition of community groups. This law now sets a national precedent for protecting civil and digital rights.

Source: EFF

Salary History and the Gender Gap

Equality, Income, Legislation, Regulation

It’s a common enough question in a job application: Please provide your most recent employment history and salary information. But, this seemingly innocuous question has been found to reinforce salary inequality. It’s also a common enough outcome: As a woman, you’re getting by on your seemingly reasonable salary (so you thought), when you find that younger male colleagues with less experience are paid more than you. And, this gap will continue to grow as everyone gets a percentage wage increase (if lucky) and as new salaries are based on reported previous salaries. California (bless this place) and Massachusetts were the first states last year to pass laws to prevent employers from considering the past salaries of job applicants. Several dozen states are considering similar legislation this year.

But, this brings up an interesting privacy question: should salaries be private information? If shared, whom should they be shared with? In many ways, requiring the publishing of salaries forces us to recognize the gender pay gap and make efforts to rectify inequality. Yet, if current salaries are available data, who can access these data? Insurers? Credit card companies? Hackers? Sites like SuperDataProfiles, which then create maps of the income of you and your neighbors? And finally, wouldn’t this circle back around to future employers knowing your previous salary without even having to ask?

Source: NPR

Google and Facebook Lobbying Against BROWSER Privacy Bill

Advertising, Legislation, Online privacy, Regulation

The BROWSER internet privacy bill, sponsored by House Republicans, is being lobbied against by Google and Facebook representatives. The bill would require an opt-in by internet users before location and browsing history are used for advertising. Websites and ISPs would face repercussions from the FTC if they break privacy restrictions. The Internet Association is claiming that the regulations would stifle innovation (same argument used against net neutrality) and “upend the consumer experience.” The current paradigm for targeted ads and tracking is opt-out, although we consumers cannot really opt out of tracking. The Internet Association was founded by members of Google and Facebook, and includes similar big┬ácompanies such as Amazon, Dropbox, and Netflix.

Source: ArsTechnica

Republican-Led Internet Privacy Bill: BROWSER

Advertising, Legislation, Online privacy, Regulation

After taking part in rolling back privacy protections enacted by the FCC, House Republican Marsha Blackburn (Tenn.) introduced a bill containing some of the same restrictions, but this time under FTC jurisdiction. Called “Balancing the Rights of Web Surfers Equally and Responsibly” (BROWSER), the bill requires ISPs and internet companies to obtain consent before using location and browsing history for targeting ads. Compared to the recently struck down FCC rules, this constraint would apply not just to ISPs, but to companies like Facebook and Google. In addition, BROWSER would forbid any denial of service to users who do not opt-in to tracking. Co-sponsors of the bill include Brian Fitzpatrick (R-Pa.) and Bill Flores (R-Tex.).

Source: Investor’s Business Daily