A report released yesterday by the Berkman Center for Internet & Society at Harvard University addresses the recent debate over the use of encryption in communications technologies and its impact on government access to communication data.  The report focuses on the U.S. government’s use of the “going dark” metaphor to describe recent decisions by several major providers of communications services and products to enable end-to-end encryption on their applications, operating systems, and mobile devices.

According to the report, the government’s use of the “going dark” metaphor to describe this phenomenon dates back to at least 2010, when the FBI’s then-General Counsel Valerie Caproni used the term in testimony before the Senate Judiciary Committee.  The report acknowledges that views on encryption differ within the government, and that the Obama administration announced in October 2015 that it would not pursue legislative action to force companies to decrypt data in response to government requests.  It notes, however, that several recent statements by FBI Director James Comey and others in the law enforcement and intelligence communities have expressed concern that encryption technologies inhibit access to communications even when the government has the legal authority to access them.  This, in turn, could limit the government’s ability to prevent terrorist attacks or investigate and prosecute criminal activity. 
Continue Reading Report Questions Use of “Going Dark” to Describe Encryption Trends

As readers of the InsidePrivacy blog know, we often save some fun reading on privacy issues for the weekend, given the crush of business during the week.  Sure, you’re reading the FTC’s just‑released Internet of Things report (and hopefully Shel’s helpful analysis of it), but a little broader reading might be just right for our (somewhat) snowy weekend.

At the top of my list for this weekend is Neil Richards’ new book, Intellectual Privacy: Rethinking Civil Liberties in the Digital Age.  This book follows up on Neil’s great law review article of the same name, but develops and updates the arguments, examples and use cases.  The subject of the work is the conflict between privacy and free expression, one of the most important issues in our area of law and policy.  Topics such as the “right to be forgotten” place this issue squarely into today’s headlines.  Neil suggests that free speech should win out in the event of a true conflict between the two values, but concludes that true conflicts are exceedingly rare.  It is more likely that privacy should be seen as a precondition for the exercise of free speech — without some assurance that privacy rights will be honored, individuals will not speak freely.  It’s a great premise with which I agree, and one that I look forward to thinking more about.  And if you’re in New York on Monday and can stop by the book launch sponsored by Data & Society, you can ask Neil about it!
Continue Reading Privacy Weekend: Provocative Articles We’re Reading Now

On October 15, 2014, the UK Information Commissioner’s Office (ICO) published an updated code of practice for surveillance cameras.  Among other topics, the ICO uses the Code to begin to address privacy practices for drones. 

Drones are not new, but two factors are now making questions about drones and privacy practices more pressing.  First, many drones now include high quality cameras, sourced originally from smart phone technologies, which increases their potential impact on individual privacy.  Second, the price of drones has fallen dramatically in recent years — making them increasingly ubiquitous and available for both businesses and consumers.  Policymakers in the United Kingdom and in the European Union are currently gathering information and conducting impact assessments to determine whether new legislative rules are needed to deal with the privacy challenges posed by drones, or whether existing data protection rules are sufficient. 

The ICO guidance note makes clear that standard data protection rules (and rules governing the use of CCTV cameras) will, in the meantime, apply to the use of drones.  It explains that — as with organizations and individuals handling data more generally — drone users should be separated out into professional and commercial users, on the one hand, and hobbyists, on the other.  Hobbyists, using drones for purely domestic purposes, are unlikely to be covered by data protection rules — but use of drones for non-domestic purposes will be governed by data protection requirements.
Continue Reading ICO Releases Concrete Guidance on Privacy Requirements When Recording Video with Drones

Senate Judiciary Chairman Patrick J. Leahy introduced a new version of the Uniting and Strengthening America by Fulfilling Rights and Ensuring Effective Discipline Over Monitoring Act of 2014 (the “USA FREEDOM Act” or “Act”) in the Senate on Tuesday, more than two months House of Representatives passed a version of the bill that omitted several reforms sought by privacy advocates.

Leahy, a co-author of the original bill, said the updated legislation has the support of the Obama Administration.  The Reform Government Surveillance coalition of technology companies, the American Civil Liberties Union, and the Electronic Frontier Foundation also support the new version, according to a statement by Leahy’s office.  The measure has 13 co-sponsors in the Senate, including Senators Ted Cruz (R-Texas), Mike Lee (R-Utah), Al Franken (D-Minn.) and Tom Udall (D-N.M.).

The proposed Act would effectively ban bulk collection of phone records by circumscribing the scope and application of the so-called “business records” provision of the Foreign Intelligence Surveillance Act (also known as Section 215 of the USA PATRIOT Act).  It makes clear that the government may not collect all information relating to a particular service provider or to a broad geographic region, such as a city, zip code or area code.Continue Reading New Version of USA Freedom Act Introduced

Since 1979, the United States Government has made at least 35,651 applications to the Foreign Intelligence Surveillance Court (FISC) for authority to conduct electronic surveillance and physical searches of individuals.[1]  Of those requests, only 12 have been denied; 532 requests have been formally modified.  According to one judge on the FISC, a substantially higher

Recent news that the U.S. Justice Department obtained telephone records for two months covering more than 100 journalists working for the Associated Press has prompted lawmakers to propose new statutes meant to strengthen protections against the kinds of requests that our Jeff Kosseff described as “undermin[ing]” the “entire Fourth Estate.”Continue Reading New Statutes Proposed in the Wake of AP Spying Scandal

In the wake of the Boston marathon bombings and in response to the quick work of law enforcement officials who were significantly aided in their identification of the suspected bombers by videos from government- and privately owned surveillance cameras, there has been renewed public discussion regarding the privacy implications of the proliferation of security cameras. While many government officials advocate the deployment of more security cameras and law enforcement access to captured material, privacy advocates urge caution with regard to increased surveillance. In particular, privacy advocates voice concern with regard to the potential use of surveillance by law enforcement officers on “fishing expeditions” — combing through video footage to identify individuals engaged in unusual behavior, without having any other evidence that those individuals are engaged in illegal activities. Below we have highlighted a few interesting pieces discussing the issues.Continue Reading Boston Marathon Bombings Spark Renewed Debate Over Surveillance