Lateef Mtima, of Howard University School of Law, suggested that the settlement would help the disenfranchised get access to books — and that copyright as a whole “should be an engine, not a brake on social development.” The lone librarian, from the University of Michigan, expressed a similar sentiment, arguing that “Broad social progress depends on being able to find, use, and re-use the scholarly record.”

I find this perspective compelling, as it connects with my own view that copyright’s purpose is not to permanently protect the property of rights-holders, but rather to foster innovation and creativity. Put another way, copyright serves a social purpose beyond rewarding individuals; the creativity and innovation it encourages is supposed to benefit society as a whole.

The concern expressed by the CDT representative, and others, is that there are potential privacy concerns with Google recording electronic access to books in a way that existing access methods (libraries, bookstores) do not is a potential problem, although in many ways it is an inevitable potential issue with any move to electronic texts. Still, I do share the concern that a single company (Google) stands to be the major gateway provider going forward — especially after recent missteps with regards to privacy on Google’s part.

I found other arguments less interesting, including arguments that this “turns copyright on its head” (I don’t see it) or that this doesn’t effectively represent the class because some rights-holders haven’t participated (this is a criticism applicable to most any class action).

My biggest worry is that the barrier of entry for other to scan books as Google has is simply too great, and that Google will become the de facto for-profit curator of what should belong to the public as a whole. But is that concern enough to scuttle the settlement? I’m not sure.

The judge indicated he will be taking his time ruling on this, due to the complexity involved. I would to, if I were him!

Related articles by Zemanta

• Google’s book settlement draws fire in court (news.cnet.com)
• Judge Hears Arguments on Google Book System (nytimes.com)
• Who supports and who opposes the Google Books settlement (inpropriapersona.com)

Highlights of the Google Books settlement hearing is from in propria persona, © 2010 by Kristopher Nelson. Want to republish? Get permission. Want to quote? That's fair use.

On Friday, the first federal appeals court to consider the topic will hear oral arguments (PDF) in a case that could establish new standards for locating wireless devices. In that case, the Obama administration has argued that warrantless tracking is permitted because Americans enjoy no “reasonable expectation of privacy” in their–or at least their cell phones’–whereabouts. U.S. Department of Justice lawyers say that “a customer’s Fourth Amendment rights are not violated when the phone company reveals to the government its own records” that show where a mobile device placed and received calls.

via Feds push for tracking cell phones | Politics and Law – CNET News.

Magistrate Judge Lisa Lenihan wrote the lower-court opinion [PDF], which was signed on to by four other magistrate judges. The lower court emphasized the importance of requiring a probable-cause standard for accessing location data — the same standard used for search warrants generally — and not a “articulable, reasonable belief” standard used to obtain so-called “pen-register” data (information that includes the phone number called, when, and for how long).

Pen-register data is subject to a lower standard because the courts consider that individuals knowingly provide the data to a third party (the telephone company) and thus have a limited expectation of privacy for that information (vs. their actual telephone conversations, for example, which have a higher level of protection due to a higher expectation of privacy).

The lower-court wrote, essentially, that location date can potentially reveal “extraordinarily personal and sensitive” information about a person without the involvement of that person (or their attorney) in the proceedings (it is “ex parte,” in the language of the court). Balancing the interests, says the court, means that a probable-cause standard is most appropriate. This balancing, along with detailed statutory interpretation, forms the core of the court’s analysis.

One weakness I see is that the court does not do a deep analysis of a “reasonable expectation of privacy” and the issue that giving that information to third parties reduces the expectation of privacy, noting only the the E911 legislation suggests that individuals have, and should have, a strong privacy expectation in their location data.

I think this is a good, balanced decision, but I wish it had dealt more with the potential attack on it due to the third-party data issue. I’ll be interested to see what happens at the 3rd Circuit (I expect it to be overturned, unfortunately).

Should police need probable cause to request mobile-phone location data? is from in propria persona, © 2010 by Kristopher Nelson. Want to republish? Get permission. Want to quote? That's fair use.

After all, you voluntarily provided the information, knowing that someone else would learn it, use it, and possibly store it. Thus, your level of Fourth Amendment protection is lessened, and no warrant is required (although typically a subpoena or similar legal document is used).

This concept is well-established in the realm of telephony: since 1986, 47 C.F.R. § 42.6 has required telephone carriers to maintain such transactional records for 18 months.

So it should come as no surprise that the FBI has been seeking similar retention of transactional data for Internet communications:

The FBI is pressing Internet service providers to record which Web sites customers visit and retain those logs for two years.

via FBI wants records kept of Web sites visited | Politics and Law – CNET News.

Exactly what would constitute such data is less, clear, however. Would it include IP addresses on both ends, times, number and length of connections? This information, while potentially vast, can be retained relatively easily and requires little work to access. It is very similar to the data retained for telephone conversations, since this kind of information is required to be exchanged with intermediaries (like ISPs) in order to use the Internet. (That many people don’t know this might, however, speak to the question of reasonable expectations of privacy.)

Much more problematic and revealing would be actual Web pages viewed. Arguably, these are shared openly, but accessing them does require packet inspection beyond the surface, and equally most people likely have a greater expectation of privacy in that information. But should they? Most sites log their visits, and tie in IP and cookie data to identify individuals as best they can. Thus, is this data really private? Do you really expect it to be? Should you?

Specific and detailed privacy laws targeting modern technology would help, but for now we’re working with what we’ve got. And that makes it very likely that the FBI will get what they want — and perhaps that’s OK? Privacy rights and the Fourth Amendment are always about balancing, not absolutes — so perhaps this is an appropriate balance to deal with computer crimes without over-burdening everyone?

Related articles by Zemanta

• FBI Pushing For 2 Year Retention of Web Traffic Logs (yro.slashdot.org)
• FBI “technically violated” wiretap laws for years (inpropriapersona.com)
• Applying the Fourth Amendment to data in the cloud (inpropriapersona.com)

Retention of transactional Web browsing data is from in propria persona, © 2010 by Kristopher Nelson. Want to republish? Get permission. Want to quote? That's fair use.

In United States v. Ahrndt, No. 08-cr-468 (D. Ore. Jan. 28, 2010), a federal trial court held that a child pornography suspect had no constitutionally protected privacy right in the files found on his personal computer, stored in a shared iTunes folder fed by a Limewire account, accessible by a neighbor who was piggybacking on his unsecured wireless network.

via TechLaw: Court Finds Constitutional Significance in Defendant’s Failure to Password-Protect Home Wireless Network. (I recommend you read the whole piece by Thomas O’Toole.)

The neighbor connected to the open wireless account, opened iTunes, and found child pornography shared by the (now convicted) defendant. A police officer who responded to her call guided her through opening one shared file, and saw child pornography. The police them proceeded to gather details of exactly who’s network it was and obtained a warrant — in turn discovering more child pornography.

The defendant argued it was an illegal search by the police and the warrant should be thrown out, since the initial finding by the officer violated his 4th amendment reasonable expectation of privacy.

The court said, no, if you leave your wireless router unsecured, your expectation of privacy is much lower. People routinely use unsecured networks of others, says the court, and setting a password to prevent this is clearly laid out in the instructions (in this case, Belkin’s). What’s more, if you have iTunes sharing turned on, you shouldn’t expect those files broadcast to everyone on your network to be private.

I agree with O’Toole that none of this breaks new Constitutional ground. It all seems perfectly reasonable to me, and it seems like the judge “gets it” with regard to technology (nice to see).

It does also imply that an open wireless network is not like a closed (but unlocked) door. Accessing it is not equivalent to breaking and entering. (I think this is the correct view of things, myself.)

O’Toole ends with a warning that you should password-protect your network if you want 4th Amendment protections. I would add that, if you choose to share your wireless network, then make sure you secure your computers within that network. The lack of a password for the network was only one factor — sharing iTunes files publicly also contributed.

Extending this argument, if you have private files, you should be able to get 4th Amendment protection by password-protecting them at any level (encryption is a practical protection, but shouldn’t be necessary for legal protection — if one extends from this ruling). Thus, you could share your iTunes library and — provided you password protect your financial documents — still have Constitutional protections for those documents (but not the music or videos you are sharing).

Seems common sensical, but that doesn’t mean that it’s necessarily “the law” everywhere! This was only a federal district court in Oregon, after all, and isn’t binding precedent (though it may be persuasive). But it’s an intelligent decision.

Does an open WiFi signal reduce your 4th Amendment protections? is from in propria persona, © 2010 by Kristopher Nelson. Want to republish? Get permission. Want to quote? That's fair use.

So far the courts — who, absent on-point statutes, pretty much always reason by analogy when presented with novel situations — have not yet come to a conclusion about how to treat such data. Drawing on analogies to telephones, combined guidance from statutes like ECPA, the courts have pretty much settled on their treatment of email:

The to/from addresses on e-mails have also been considered transactional data, akin to an addressed envelope. However, the contents of an e-mail have been properly classified as content data. A service provider, even if it has the capability of accessing the contents of an e-mail, is not a party to the information.

However, the status of data stored in the cloud, that is, on the servers of a third-party provider, is much less clear. Couillard must treat this is a normative rather than descriptive fashion, suggesting that the courts “should treat cloud service providers as virtual landlords” (emphasis mine).

Similarly, access to the content of a calendar, address book, photo album, text document, or private blog is not given to the service provider. Although the user might be interacting with a cloud-based word processor or spreadsheet, the content of those documents is not intended to be shared with the provider; the provider is merely providing a platform for using and storing the content via the cloud. Whatever minimal right the service provider reserves to access the contents of those files or containers, the service provider is not a party to the contents any more than a landlord is a party to what goes on behind his tenants’ closed doors due to his limited right of entry.

Couillard’s landlord-tenant analogy is a useful and necessary one. In an earlier discussions, Couillard suggested that encryption and passwords could provide the “opacity” that leads to a reasonable expectation of privacy and thus Fourth Amendment protection. Unfortunately, there is no current way for users of Google Docs, as a representative example, to take advantage of encryption or password protection to limit access by Google. Similarly, a tenant does not expect a lock fitted by a landlord to keep the landlord out — that’s the role of the law.

So, there are two takeaway’s from Couillard’s piece. First, the landlord-tenant relationship is a good one to look for when considering an analogy for the provider-user relationship when it comes to Fourth Amendment protections. Second, the data you keep in the cloud may or may not be subject to a warrant requirement before the government accesses it. Keep this in mind when you balance the pros and cons of storing your data with third parties.

Related articles by Zemanta

• Does the Fourth Amendment cover ‘the cloud’? (news.cnet.com)
• Who Exactly Owns Your Data in the Cloud? (gigaom.com)
• Do You Have Any Legal Right To Privacy For Information Stored Online? (techdirt.com)
• The Fourth Amendment and the Cloud (yro.slashdot.org)

Applying the Fourth Amendment to data in the cloud is from in propria persona, © 2010 by Kristopher Nelson. Want to republish? Get permission. Want to quote? That's fair use.

The FBI illegally collected more than 2,000 U.S. telephone call records between 2002 and 2006 by invoking terrorism emergencies that did not exist or simply persuading phone companies to provide records, according to internal bureau memos and interviews. FBI officials issued approvals after the fact to justify their actions.

…

FBI general counsel Valerie Caproni said in an interview Monday that the FBI technically violated the Electronic Communications Privacy Act when agents invoked nonexistent emergencies to collect records.

via FBI broke law for years in phone record searches – washingtonpost.com.

Still, at least the FBI seems to be coming (relatively) clean on this, and says the violations ended in 2007 with changes to the system used. Considering how loose “after the fact” approval is — even when staying within the law — the basis for these wiretaps must have been pretty flimsy.

Related articles

• Privacy: An Overview of Federal Statutes Governing Wiretapping and Electronic Eavesdropping (comsecllc.blogspot.com)
• Surveillance Without Suspicion: Who Watches the Watchmen? (seattlest.com)
• Does the “Other Party” on a Wiretapped Line Have Any Privacy Rights? (inpropriapersona.com)

FBI "technically violated" wiretap laws for years is from in propria persona, © 2010 by Kristopher Nelson. Want to republish? Get permission. Want to quote? That's fair use.

The core constitutional issues in the case are whether signing a ballot measure petition is a form of political speech, whether, if it is protected by the First Amendment, it includes a right to sign without official public disclosure, what standard is to be applied when judging regulation of such a First Amendment right, and what government interest supports disclosure rather than confidentiality for signers’ identities.

via SCOTUSblog » Court to rule on petition-signers’ rights.

Opponents of gay marriage and similar laws argue that the state should not release the names of those who sign petitions (such as those supporting their position), because doing so might make signers targets and thus stifle their sense of freedom to freely express their opinions. (The argument is, in essence, the core of why we have secret ballots in actual voting.) Exposing signers to potential harassment for their views, then, would stifle their ability express their political views by signing petitions they support.

But is this really a free speech issue? That is, should anonymity of expression be protected as part and parcel of the First Amendment? After all, we’ve seen a number of instances where corporations and governments have tried to force journalists to reveal their anonymous sources, and have even jailed journalists who refuse. And many of us have witnessed or experienced the de-anonymizing influence of the modern Internet, where everything posted online tends to become public. So how can signing a petition –usually in a public place, often with witnesses — give you protected anonymity? Is this even a Constitutional issue at all?

The Supreme Court has granted protections in the past to anonymous communications as part of First Amendment protections of free speech. For example, in In McIntyre v. Ohio Elections Commission, the Supreme Court struck down an Ohio law that prohibited the anonymous distribution of campaign literature, writing:

Under our Constitution, anonymous pamphleteering is not a pernicious, fraudulent practice, but an honorable tradition of advocacy and of dissent. Anonymity is a shield from the tyranny of the majority. … It thus exemplifies the purpose behind the Bill of Rights, and of the First Amendment in particular: to protect unpopular individuals from retaliation — and their ideas from suppression — at the hand of an intolerant society.

First Amendment law can be complicated, and involves balancing a number of factors. In addition, there is a difference between government involvement (in this case, Washington acting as a state to enable publication of names), private actions (your employer discovering your anonymous criticisms of the company, and firing you), and court involvement (subpoenas, rulings that order journalists to reveal sources in court, and so on).

Personally, I always assumed (without ever giving it any deep thought or legal analysis) that my signature on a ballot initiative was a public record. After all, I’m signing it in public, it needs to be verified as legitimate to count, I’m providing my name and address — it certainly never felt anonymous to me. That’s why I always insist on reading what I’m signing, considering the issues, and only signing what I actually agree with, instead of signing just to make the petition-gatherer go away.

So my gut tells me that such signatures should be public, but only because I always assumed they were anyway. I’ll be curious to see where the Supreme Court comes down on this, since the lower courts have gone both ways.

For more on this, see:

• U.S. Supreme Court could be next stop for R-71 from the Seattle P-I, quoting legal scholars giving their opinions
• Ninth Circuit Overturns Preliminary Injunction Restraining Release of Names of Anti-Domestic-Partnership Petition Signers in Washington State at The Volokh Conspiracy
• The Ninth Circuit decision that concluded that Washington could release the names of signers in the interest of transparency and accountability, and that this was not a question of “anonymous free speech” anyway, since signing a petition was not anonymous at all.

Should signing a petition be a confidential act? is from in propria persona, © 2010 by Kristopher Nelson. Want to republish? Get permission. Want to quote? That's fair use.

As part of this, the TSA issued subpoenas duces tecum (legal orders requiring that documents or information be produced) that sought to compel the two bloggers to reveal their sources. After a public outcry, the TSA “canceled the legal action and apologized for the strong-arm tactics agents used.”

Normally, subpoenas are issued by a court clerk or, more commonly, by attorneys working on a case who issue such subpoenas under the authority of the supervising court. The goal is to compel witnesses to either come to court or produce documents or information to be used in court. Enforcement is not automatic, but is instead sought through the court supervising the case, which has the power to punish someone who refuses to obey a subpoena without sufficient cause (as determined by the court).

The subpoenas (or “subpenas”) in this situation, however, were not issued or supervised directly by a court, according to the text of the document provided by Chris Elliot, one of the targeted bloggers. Instead, they were issued by the TSA under authority granted to it by Congress in 49 U.S.C. 46104. (This authority is similar to that granted to District Attorneys for conducting investigations.) It grants the authority to the TSA to:

subpena witnesses and records related to a matter involved in the hearing or investigation from any place in the United States to the designated place of the hearing or investigation

The law does not grant to the TSA the authority to enforce subpoenas directly. Instead, the TSA must “petition a court of the United States to enforce the subpena.” The court then conducts a hearing, and may impose penalties (including imprisonment).

One can object to subpoenas on a variety of grounds. (Note that one of those grounds is not the Fourth Amendment, since this is not considered a “search” or a “seizure.”) The order may be overly broad or burdensome (although the court may simple require you be reimbursed for your expenses in that case) or may request confidential information protected by privilege (attorney-client privilege, or doctor-patient, for example). Some states protect a journalist’s right to protect an anonymous source — but there is no equivalent federal “shield law.”

This is why the TSA felt it could indeed demand information from the bloggers, and why it is very possible they could have succeeded in penalizing the two bloggers in court if they did not turn over the information they had. (Of course, there may have been other arguments that a lawyer experienced in this area could have wielded — so if you are subpoenaed and would prefer not to comply, consult an attorney.)

For more on subpoenas generally, and how to respond to them, see: Responding to Subpoenas by the Citizen Media Law Project. The Project also has a good guide to protecting sources and source material more generally. I wrote about this previously in Journalist Shield Laws and Bloggers.

Why can the TSA subpoena bloggers to get at their sources? is from in propria persona, © 2010 by Kristopher Nelson. Want to republish? Get permission. Want to quote? That's fair use.

The central question in the privacy debate that EFF and our partners at the ACLU of Northern California and the Samuelson Law, Technology & Public Policy Clinic at UC Berkeley have been having with Google about Google Book Search is whether this exciting new digital library/bookstore is going to maintain the strong protections for reader privacy that traditional libraries and bookstores have fought for and largely won.

via Warrants Required: EFF and Google’s Big Disagreement about Google Book Search | Electronic Frontier Foundation.

I think I can safely say that I am in agreement with the ACLU and EFF on this one. Warrants, requiring judicial approval, are an important safeguard, although not perfect. They are routine for most investigations of physical locations, and, I think, ought to be so for virtual ones as well.

Of course, this prevents large-scale “data mining” activities by governments, who could conceivable flag suspicious activity for future investigation — but that, I think, is how it should be.

Related articles by Zemanta

• Lethem and EFF on why Google Book Search needs privacy guarantees (boingboing.net)
• Legal advocates ask for privacy protections in Google Books (news.cnet.com)
• Google responds to publishers (inpropriapersona.com)

Should the government need a warrant to access your Google Books history? is from in propria persona, © 2010 by Kristopher Nelson. Want to republish? Get permission. Want to quote? That's fair use.

President Barack Obama confirmed Friday that the White House will be creating a new office to be led by a cybersecurity czar. The office will be in charge of coordinating efforts to secure government networks and U.S. critical infrastructures.

via Obama Says New Cyber Czar Won’t Spy on the Net | Threat Level | Wired.com.

(Incidentally, can we please get away from “cyber” everything? It’s so last century, reminiscent of AOL and 1984′s Neuromancer.)

Most reviewers agree that this is long overdo, as do I. Critics generally seem to worry that this will simply cause greater confusion, increased bureaucracy, and general inefficiency (i.e., the typical complaint about government).

I do worry about increased government interference in areas that the private sector is better equipped to handle. Historically in this area, police and government agencies have not been effective in dealing with rapidly-evolving technologies, and have frustrated sysadmins attempting to deal with the issue “on the ground.”

Nonetheless, the government has to adapt to a changing world, and this is a necessary part of this. Someone has to coordinate the many agencies charged with protecting both public and private infrastructure.

Interestingly, along with this announcement President Obama reiterated his commitment to privacy and civil liberties, as well as network neutrality:

Obama was quick to add that the new White House cybersecurity office would include an official whose job is to ensure that the government’s cyber policies don’t violate privacy and civil liberties of Americans. He also reaffirmed his support for the principle of net neutrality.

I am concerned about the potential for certain private interests to subvert “cybersecurity” into “protect our intellectual property.” Obama did not do this in his announcement, but making this a priority for the new coordinator could have problematic implications, inserting increasing police powers into what is, at its essence, a civil offense (despite a trend toward criminalization).

My hope is that this new coordinator will quietly improve information security behind the scenes, and we won’t need to hear much at all about this issue. (But that’s unlikely.)

Related articles by Zemanta

• After review of computer security, Obama calling for ‘cyber czar’ and more awareness of threat (Minneapolis-St. Paul Star Tribune) (slumpedoverkeyboarddead.com)
• Obama Releases Cybersecurity Report: ‘Much Work to Be Done’ (blogs.wsj.com)
• Online Security: White House Establishes New Cyber Czar Position (readwriteweb.com)

Obama to Appoint Information Security Coordinator is from in propria persona, © 2010 by Kristopher Nelson. Want to republish? Get permission. Want to quote? That's fair use.