Lex Ferenda

Just a quick note to say that, while I figure out some issues with themes (that’s what gives the blog its pretty look), I’ve reverted to the default theme. That’s why things look so plain right now. All the content is as it usually is. Please hold…

New theme installed now.

As previewed here, a report on this morning’s privacy-and-the-Web jamboree. Lawyer Caroline Campbell introduced the symposium on “Letting it all hang out”, sponsored by Digital Media Forum and taking place as part of the Darklight festival, and handed things over to Prof. Daniel Solove (website), the special guest. (And I discovered that it’s pronounced So-Love, whereas I’ve always said it So-Low-Vay in my head. Oops).

Unless otherwise indicated, what follows is a non-verbatim approximation of what was said. Please correct any errors if you spoke and spot them. Things in [square brackets] are entirely my own views or additions and weren’t said at the symposium. Prior posts on privacy on this blog are here.

Daniel Solove’s presentation

Solove gave a quick overview of the context of Internet privacy, and discussed a number of specific cases that illustrated the changing nature of privacy:

• Dog Poop Girl - a cellphone picture of a dog doing what dogs do on train, published, the owner identified (as being irresponsible for not cleaning up), personal info published; it ended up on BoingBoing, media, posters and much more. “The Internet allows a cyber-posse to amass from around the world in an instant”.
  
• Personal blogging is in a way like diaries, containing intimate details of your personal life - but also the lives of others! But it’s very pervasive…will parents say to their child: “Well yes we could read your blog .. or you could just tell us about your school day“? (Solove displayed this cartoon or a version of it)
  
• 40% of blogs are written by under 19s…this is ‘Generation Google’, entire lives chronicled online [lots of things in common with Digital Natives here]
  
• Star Wars Kid - put up on site by friends and in just a few weeks, millions of views, went viral, embellished by others, mashups (loads of ‘em). Now he’s extremely well-known. Is this a good thing?
  
• Washingtonienne (Jessica Cutler) - anonymous blog which was personal, including lots of stuff about sexual partners - highlighted by Wonkette, followed by significant magazine coverage, a book deal, etc. One partner sued her for invasion of privacy … though she has now declared bankruptcy.

But maybe this sort of scrutiny of reputation is a good thing? Yes, but information out of context leads to hasty judgements that don’t really capture the truth of a character. And the libertarian norms which are generally good can actually lead to the opposite, people can be “shackled to their past”.

What can the law do? A little bit, but not a lot. A solution must deal with education, social attitudes, etc. So he analyses three “paths” - libertarian (hands off - things will get worse if you bring the law in; problem is that the norms may not develop the way we want to), authoritarian (censor and restrict - increasing willingness to do this in the US, too reactive, chills speech), middle ground (threat of lawsuit forces responsibility and accountability -recommended approach, but doesn’t want too many cases as it’s expensive) [again, this is a trend in the current phase of cyberlaw, so Solove is in very good company]

He then discussed the ‘Warren and Brandeis‘ privacy tort in the US, where you can sue for spreading private information not of legitimate concern. In the UK, it’s the modified breach of confidence tort, expanded post-HRA to be similar to US. [In Ireland, we have neither as such (breach of confidence exists but not as it now does in the UK), although we do have a small number of cases where a suit for breach of the constitutional right of privacy has been successful, a proposed tort in the stalled Privacy Bill, and a presumptive requirement under international law (ECHR) and domestic remedy (ECHR Act) to deal with the Von Hannover approach to Article 8 of the Convention on privacy]

Often, we have a binary understanding of privacy - places are private (home) vs public (the county fair). But we do have expectations of privacy in public place, and it’s so easy to capture (cellphone, CCTV, etc). The breach of confidence remedy in the UK is extensive and includes information between friends.

It’s also about control. Dr Laura Schlessinger, a conservative commentator, was not impressed when nude photos of her (taken in her wild past) were circulated. [I'm passing on looking them up] She sued the website to get the photos taken down, but lost due to free speech concerns. Then the ‘voyeur’ website that published them won cases against other sites for stealing their pictures! This shows that the idea that there’s nothing that the law can do to restrict information is false - in this case, there was copyright protection. “If you have a choice between copyright and privacy, choose copyright”, as the protections are more powerful.

And then there’s speech. Solove thinks that US law overprotects speech and underprotects privacy. Section 230 of the CDA immunises websites, ISPs etc for content supplied by others…and it’s complete immunity, which goes way too far. Juicycampus.com is an example. This illustrates how the law is “getting the balance wrong, encouraging irresponsibility rather than responsibility”. Small legal changes would nudge norms in the right direction.

Panel Discussion

Caroline (CarC) and Daniel (DS) were joined by Damien Mulley (DM), Jim Carroll (JC), Cormac Callinan (CorC) and Niall Larkin (NL). I didn’t get every point, I’m afraid, but I’ve tried to capture as much as I could (in almost all cases, summary rather than verbatim). ?? means a question or point from the floor.

We started with a general question to the panel on social networking and privacy. NL: People are sharing, learning to express themselves, “growing up online”. If it goes on the Internet, it stays on the Internet. DM: everything you do on Facebook is logged, i.e profile visits. They got in trouble last year, because even when you closed an account, info was still stored. Profile built up to sell on to advertisers, understanding behaviour. And they will hand to law enforcement without subpoenas. (full-time members of staff just doing this). There’s also profiling by companies etc, though people don’t really know this is happening. JC: it’s already happening with loyalty cards, though it’s now easier again for the marketers. It comes down to how much you care about it. DS: ubiquity of information collection. Mentions cloud computing - they have all your documents. Popular for marketers and for governments. Analysis tools are getting more sophisticated too. Terrorist profiling too (it works for Amazon, will it work for government?)

DM asks the audience - do you care that your data is being stored and used? [I think about half put their hands up]

??: a debt collector friend has been told to use Bebo in their work. This is a sign of how much awareness there is of the potential of such sites for data collection.

??: what about problems of international law, when content is hosted in a different country? Corc: it’s very difficult, there’s lots of international cooperation, there’s most in child protection, but data protection as an example of where it doesn’t work, there’s virtually no protection in US, despite safe harbour (between EU and US) which controls only certain aspects and is very limited.

??: is there ‘decentralised responsibility’, i.e. the user has agreed to terms and conditions when they signed up? DS: how many people read the privacy policies? They can change them unilaterally at any time. And for Facebook, there’s a policy, there’s privacy settings, and a 6000-word TOS. “No-one reads these things”.

??: Creative Commons has simplified IP contracting, could you do this for privacy? DS: sceptical, you use so many sites in a day and it’s very difficult to keep up with. A FTC commissioner he met confessed to not reading Facebook’s privacy policy. CarC: lawyers work very hard to make things “simple” but they are often hiding stuff! NL: as danah boyd says, as a citizen of the Internet you should have some basic rights.

??: There’s a naivety that people think social networking sites are there for their benefit, but they are ultimately commercial enterprises. DS: people are fine with it until something bad happens. They can want certain uses of data but not others….how do you know in advance? JC: when it’s taken out of context, there is trouble: i.e. publication of Bebo photographs in a newspaper. CorC: yes, but there’s also a lot of misunderstanding, i.e. ‘if you turn off your phone you can’t be tracked’ (not true - it’s effectively personal GPS), even possible to have remote activation of microphone. If someone had said 10 years ago that you’d carry a GPS tracker you’d say they were insane but now you pay €35 a month for the pleasure! DS: there was a backlash against bank accounts in the US in the early days of banking - but people chose to give up some privacy in return for value. But when does data mining turn into surveillance?

??: What can we get our government to do to protect against privacy infringement? And teenagers liked the idea of the mobile phone tracking - is this another generation gap? CorC: mentioned “phonewalking” services (bringing the tracked phone to where you ’should’ be - big business of the future! Copyright law is very effective because of lobbying power; businesses of course are there to make money, you should always assume this, and also - distinguish between privacy and data protection. Asking Bebo and Facebook to protect you is not feasible, it’s not their job to do it as they can always see and know everything, and their motive is profit. DM - I want to be told when people access my information, i.e. what the companies or their allies do, and including government information too (e.g. social welfare).

DS - there is an “optimism bias”. And it’s hard to visualise all the people reading your blog as compared to that of an true audience. In one study, 70% of people agreed that a privacy policy means no 3rd party sharing (this is not). NL: visualisation is concealed in some (social networks encourage to share with ‘friends’) but not others like YouTube (’broadcast yourself’ makes it very clear)

?? - Big Brother is important but we are also contributing to this - “we are BB”. Balance between rights and responsibilities - i.e. as a blogger, what am I putting out there?

?? - what about Gmail turning information over to Government without telling you. The government that would legislate to protect us has a particular role too as being a threat to privacy. DS: yes, an see in particular the discussion of FISA in the US.

?? is there a catch 22, you need unique ID of some sort in order to make Internet services and presence work. I like my anonymity, which is compromised. And these issues are nothing compared to Yahoo turning over information to China. CorC - you don’t really have anonymity, Irish ISPs share your information across the world. And you leave a significant footprint. [Cormac was very honest and direct in these contributions, which is appreciated].

??: there are two separate privacy debates happening, one about the protection of public figures against ‘media intrusion’ that is happening in the political and legal arena and a separate one that we are hearing here about privacy policies, commercial exploitation, Government surveillance that is not being legislated for. [That was me]

?? can there be a realistic remedy, very hard to deal with violations as not everyone can go to the High Court.

CorC - remember in Europe we don’t have immunisation of ISPs and hosts as with the CDA in the US (it’s about knowledge). DS: that’s interesting, when I say that in the US I’m told that it would lead to the total shutdown of the Internet and no free speech.

Summary

Three quick observations. If you were there, please add your own, including issues that you might not have had time to raise in the Q&A.

A very interesting symposium, with a particular need to note the strength of contributions from the floor. Although I wondered (like Justin) about how it related to the festival as a whole, I think the fact that the vast majority of those present were ‘active’ in various types of media, digital culture, etc meant that there was a lot that did not need to be reiterated (I’ve given talks about Facebook where the basic concept has to be explained, which while important, leads to a different type of question), and also a very informed line of questioning to what was an extremely heavy-hitting panel, with some of the best-known local bloggers and journalists, a leading international privacy scholar, and two important practitioner perspectives from Callinan and Campbell).

I hadn’t heard Daniel Solove speak before, though I’ve read his books and cited his blog posts in papers. He explained the issues very clearly to what was clearly not a legal audience, but managed to do so without leaving out crucial details like US-Europe differences in the relevant areas of law. And he talked about Warren and Brandeis at 10am in a basement full of film producers, and everyone followed what he was on about.

An audience member did raise the issue of gender balance, although in defence of the organisers, both Rachel O’Connell (Bebo) and Karlin Lillington (Irish Times) were invited but unable to attend.

Letting it all hang out : Privacy vs publicity in the virtual world

I’m looking forward to this seminar on privacy and publicity taking place as part of the Darklight festival this Friday. Daniel Solove (GWU Law School) is the keynote speaker; for an idea of what’s he’s done in the past, take a look at the freely-available PDF of his recent book, The Future of Reputation. Karlin Lillington of the Irish Times is chairing it (edit: chair to be confirmed), and there will be responses from a diverse panel: Damien Mulley (blogger, consultant and fan of fluff and chicken feet; coming despite the spam), smart techlaw solicitor Caroline Campbell, music journo (and blogger too) Jim Carroll, Cormac Callinan (formerly of ISPAI and first director of hotline.ie and Niall Larkin from Relevant Media and more.

Friday 27th June, Filmbase (Curved St, in Temple Bar), at 10am. All the info is at the Darklight website.

The informative Legal Post blog from the (Canadian) Financial Post notes the suggestion that co-workers involved in an, um, consensual social relationship, should sign a contract, as reported in the (US) ABA Journal. To confirm that they “independently and collectively, desire to undertake and pursue a mutually consensual social and/or amorous relationship.” Lots of fun questions about enforceability, duress, bargaining power, immoral purposes - but only in America, you might say? Well, the BBC Law in Action radio show highlights the apparent growth in students taking out legal services insurance, to be used should they run into difficulty with their university and wish to initiate legal proceedings against it. (For more on law and the British student, see this previous post).

Whoops! Sorry about the downtime for the last day or so. We’re back now. Happy Bloomsday. While I have your attention, perhaps skip the breakfast but don’t forget to read the celebratory Blawg Review at cearta.ie.

After an extraordinarily long wait, the decision in Dillon v DPP [2007] IEHC 480 has finally been published on the website of the Courts Service. It was announced in court in March 2007, delivered in November 2007, and published online in the last couple of weeks. (I last whinged about it in January).

On the day of the decision, Eoin blogged about it in an important and extremely useful post-with-extra-stuff-in-the-comments, here. In a comment at the time, I joked that it would take a month for it to go online (how wrong I was to be so optimistic), and added then : “Given that the vagrancy law has already run into constitutional trouble (King v AG, early 80s), I’m concerned that this might not be a detailed exploration of freedom of expression and communication issues after all….” (alas, how right I was to be concerned)

The decision is remarkably brief. Indeed, the discussion of freedom of expression, which we’ve been waiting for (this being, as we thought, the first provision of a statute struck down on the basis of Article 40.6.1i), takes just a few paragraphs. After concluding that the provision cannot stand because of four separate constitutional violations, de Valera J notes that expression rights are raised, and says:

16. In Kearney v. Minister for Justice [1986] I.R. 116, Costello J. accepted that “the right to communicate” was protected by Article 40.3 and begging as already defined is clearly a manner of communication by one person to another
17. In Murphy v. Independent Radio and Television Commission [1999] 1 I.R. 12, Barrington J. in considering the right to communicate pursuant to Article 40.3 and the right of freedom of expression pursuant to Article 40.6.1 accepts the right of the citizen to express his or her needs “by words and gestures as well as by rational discourse”.
18. Again in applying this dictum to begging as already defined, the Act clearly offends against freedom of expression as provided for in Article 40.6.1 of the Constitution.
19. There are no Irish decisions directly relevant to the provisions of the Act, though the Law Reform Commission produced a very learned, comprehensive and helpful report on vagrancy in 1985 which, had it received the attention it deserved and required, would probably have rendered this application unnecessary.
20. I have been referred, helpfully, to a number of Canadian and United States of America cases touching on the matters under review: cases such as Loper v. New York City Police Department 999 F.2d 699 (2nd Cir. 1993) and Hague v. Committee for Industrial Organisation 307 U.S. 496 [1939] and Village of Schaumburg v. Citizens for a Better Environment 444 U.S. 620 [1980], and in particular Bennett v. Cambridge 424 Mass. 918 [1997], clearly support the applicant’s contention that an overall ban on all forms of begging is unconstitutional. The Bennett case is of particular interest in its similarity with the instant matter.
21. The Canadian cases cited included Federated Anti-Poverty Groups of British Columbia v. Vancouver City [2002] B.C.S.C. 105, also supports the applicant’s contention that s. 3 of the Act infringes the applicant’s right to freedom of expression and freedom to communicate though it must be noted that these authorities from the United States of America and Canada are of a persuasive value only.
22. Finally it is accepted by the applicant, and it is undoubtedly so, that the right to communicate and the right to freedom of expression can be limited in the interests of the common good. Nothing in this judgment should be construed as preventing the legislature from making laws controlling the location, time, date, duration and manner in which begging or the seeking of alms might take place and the age of any person involved in such activity.

Much as I’m glad to see that it’s actually possible to strike down legislation on the basis of its impact on freedom of expression and freedom of communication (however defined), I can’t deny that I’m extremely disappointed that the opportunity wasn’t taken to engage with the concept or indeed the application in a more meaningful way. For the case to be of value to future persons affected by possibly unconstitutional legislation, or indeed to legislators and decision-makers, let alone law students and law teachers, we need more than this, especially from a court that has the power and the duty to interpret the Constitution.

Two different ways to reconsider the role of your iPhone or iPod Touch: via Wired’s Gadgets blog, a great mashup of a Moleskin notebook and said device, and in the print edition of MacFormat magazine (Summer 2008), deputy editor Chris Plin argues that the iPhone is in fact the Hitchhiker’s Guide to the Galaxy, with the cleaning cloth playing the role of the towel.

My alma mater, PhD venue and current employer, Trinity College Dublin, joined the world of iTunes U this month. As has the Open University, the only other institution that I have a qualification from. I love them both, but am particularly happy to see the TCD contribution, as I know some of the people involved in the project, both on the tech as well as the open-access-evangelising side, who have been plugging away at this for years. In particular, I can remember the reaction in some quarters when, in relation to a project I work for in the institution, we asked about putting podcasts on the server for internal use. We wouldn’t have got anywhere with that mini-project without their support, and their vision is coming to fruition with this announcement.

Thoughts from Karlin Lillington here and John Naughton here.

TCD on iTunes
OU on iTunes

The Berkman Center invited me to write an essay for its Publius project (”Essays and conversations about constitutional moments on the Net collected by the Berkman Center“), responding to a very interesting piece by the great Lewis Hyde, who called his contribution “Freedom of Listening: An 18th-century root for net neutrality“. My piece, “The Right To Communicate“, is available on the Publius website. Comments and responses very welcome.

Lewis Hyde’s thoughtful essay on network neutrality and the trials of 18th-century preachers-without-pulpits is a timely reminder that the issue of net neutrality is not one that should be the sole business of a small group of Internet activists and lobbyists. It’s about time to acknowledge that, while increasingly vehement disagreements between economists on how to stimulate the development of broadband in the US are undoubtedly fun to watch, a broader conversation on the cultural and political impact of new technologies is slowly emerging from the confusion that is net neutrality.

…continued at publius.cc…

The possible (mis)use of US federal law designed to deal with hacking for the purpose of the (admittedly tragic) Megan Meier/Lori Drew case is scary. In short, after a high-profile situation where a young person committed suicide after what appears to be a pattern of harassment conducted via MySpace, it emerged that the mother of a ‘friend’ of the deceased had written many of the messages. Charges didn’t follow in the first instance (state law), but after some time, charges were brought under federal law, including the Computer Fraud and Abuse Act (CFAA) as amended, which in effect makes it illegal to access any computer ‘without authorization’; the logic goes that because MySpace requires you to give correct information and not be abusive, not following the conditions means that you aren’t authorised.

The idea that violation of the terms of use of a website is in itself a crime raises all sorts of possibilities that are almost too far-reaching to speculate about without seeming a little unhinged! It’s similar to, yet even more threatening than, the development of knee-jerk “criminal trespass” laws that blur the line between conduct in public places and private places and have been used against peaceful protesters with abandon. I find some tragic humour in the fact that private censorship by hosts, no matter how irrational, is seemingly beyond the scope of the courts (being a private matter supposedly for contract alone) yet when you ‘break’ that ‘contract’, it’s such an offence against the public that the criminal law should be involved. (Never mind the fact that a lot of those now criminal-law-carrying terms are beyond boilerplate!)

We’ve talked about the weasel words (or misuse of words!) of authorised computer access on these pages before - in the context of wifi sharing. I have a bad feeling about all of this.

More from Eric Goldman, Susan Crawford, Wired and Peter Black.