All posts in Surveillance

10 Reasons Why the Fourth Amendment Third Party Doctrine Should Be Overruled in Carpenter v. US

Daniel Solove
Founder of TeachPrivacy

10 Reasons to Overrule the Fourth Amendment Third Party Doctrine

The U.S. Supreme Court will be hearing arguments this week in Carpenter v. United States, which is one of the most important Fourth Amendment cases before the Court.  The case involves whether the Third Party Doctrine will remain viable.  If so, the Fourth Amendment will fade into obsolescence in today’s digital age.

In this post, I provide 10 reasons why the Third Party Doctrine should be overruled.  Before doing so, here’s some background.

Carpenter [6th Circuit case on cert to the Supreme Court] involved the investigation of a string of robberies of Radio Shack.  The FBI obtained cell phone records of the defendants pursuant to the Stored Communications Act (SCA), which requires “specific and articulable facts” to demonstrate that there are “reasonable grounds to believe” that the records are “relevant and material to an ongoing criminal investigation.” 18 U.S.C. § 2703(d).  This standard is far short of what the Fourth Amendment would require, which is a search warrant based upon probable cause.

Continue Reading

Cartoon About Connected Devices

Daniel Solove
Founder of TeachPrivacy

Cartoon Connected Devices - Internet of Things

This cartoon depicts the potential future of the Internet of Things.  As more and more devices are connected to the Internet, including ones implanted in people’s bodies, increasing thought must be given to the privacy and security implications.  The speed of technological development is moving at a far greater pace than the speed of policy thinking regarding privacy and security.

How will the security of new devices be regulated?  The market doesn’t seem to be adequately addressing the security of the Internet of Things.  Bad security in devices has externalities beyond the users, as devices can be used as part of botnets to attack other targets.

How will privacy be designed into devices?  How will notice and choice work?  When privacy is “baked in” to a device, do the engineers have a comprehensive understanding of privacy?  How will consumers be able to understand and respond to these design choices?

Should there be special considerations for medical devices or any device that is implantable in a person?

We still await satisfactory answers to these questions . . . but the expansion of the Internet of Things isn’t waiting.

Here’s an earlier cartoon I created regarding the Internet of Things:

Continue Reading

The Nothing-to-Hide Argument – My Essay’s 10th Anniversary

Daniel Solove
Founder of TeachPrivacy

Privacy Surveillance Nothing to Hide Argument

In response to government surveillance or massive data gathering, many people say that there’s nothing to worry about.  “I’ve got nothing to hide,” they declare.  “The only people who should worry are those who are doing something immoral or illegal.”

Nothing to Hide - SoloveThe nothing-to-hide argument is ubiquitous.  This is why I wrote an essay about it 10 years ago called “I’ve Got Nothing to Hide,” and Other Misunderstandings of Privacy, 44 San Diego Law Review 745 (2007).  It was a short law review piece, one that I thought would be read by only a few people.  But to my surprise, this essay really resonated with many people, and it received an unusually high number of downloads for a law review essay.  I later expanded the ideas in the essay into a book: Nothing to Hide: The False Tradeoff Between Privacy and Security  (Yale University Press 2011).

This year is the 10th anniversary of the piece.  A lot has happened between then and now.  Not too long before I wrote my essay, there were revelations of illegal NSA surveillance.  A significant percentage of the public supported the NSA surveillance, and the nothing-to-hide argument was trotted out again and again.  This was the climate in which I wrote the essay.

Later on, in 2013, Edward Snowden revealed that the NSA was engaging in extensive surveillance far beyond its legal authority.  Snowden declared: “Arguing that you don’t care about the right to privacy because you have nothing to hide is no different than saying you don’t care about free speech because you have nothing to say.”  This time, there was a significantly large percentage of the public that didn’t side with the NSA but instead demanded scrutiny and accountability.

Nevertheless, the nothing-to-hide argument is far from vanquished.  There will always be a need for citizens to demand accountability and oversight of government surveillance, or else we will gradually slide into a more dystopian world.

Here are a few short excerpts from my nothing-to-hide essay:

Continue Reading

Epilogue to the St. Louis Cardinals Baseball Hacking Case

Daniel Solove
Founder of TeachPrivacy

St Louis Cardinals Hacking Baseball

A while ago, I wrote about a case involving a member of the St. Louis Cardinals baseball team staff who improperly accessed a database of the Houston Astros.   There is now an epilogue to report in the case.  The individual who engaged in the illegal access — a scouting director named Chris Correa — was fired by the Cardinals, imprisoned for 46 months, and banned permanently from baseball.  The Cardinals were fined $2 million by Major League Baseball Commissioner Rob Manfred, and they must forfeit their first two picks in the draft to the Houston Astros.

According to an article about the incident in the St. Louis Post-Dispatch: “As outlined in court documents, the U.S. attorney illustrated how Correa hacked Houston’s internal database, ‘Ground Control,’ 48 times during a 2½-year period. He viewed scouting reports, private medical reviews and other proprietary information. The government argued that Correa may have sought to determine if Houston borrowed the Cardinals’ data or approach, but the information he accessed was ‘keenly focused on information that coincided with the work he was doing for the Cardinals.'”

As I wrote in my piece about the case, there are several lessons to be learned.  One lesson is that it is a myth that hacking and computer crime must be hi-tech.  Here, Correa’s hacking was nothing sophisticated — he just used another person’s password.  The person had previously worked for the Cardinals, and when he went to the Astros, he kept using the same password.  In my piece, I discussed other lessons from this incident, such as the importance of teaching people good password practices as well as teaching people that just because they have access to information doesn’t make it legal to view the information.  The Cardinals organization appears to have learned from the incident, as the “employee manual has been updated to illustrate what is illegal activity online,” and the organization is using two-factor authentication to protect its own sensitive data.  The article doesn’t say whether the Astros also stepped up their security awareness training by teaching employees not to reuse their old passwords from another team.

Continue Reading

Microsoft Just Won a Big Victory Against Government Surveillance — Why It Matters

Daniel Solove
Founder of TeachPrivacy

eye

Yesterday, Microsoft won a huge case against government surveillance, a case with very important implications: In the Matter of a Warrant to Search a Certain E‐Mail Account Controlled and Maintained by Microsoft Corporation.

Continue Reading

Can the FBI Force Apple to Write Software to Weaken Its Software?

Daniel Solove
Founder of TeachPrivacy

Privacy Awareness TrainingA dramatic legal battle is taking place that will have dramatic implications for the future of technology, privacy, security, and the extent of government power.  The FBI obtained an order from a magistrate judge to force Apple to develop software to help the FBI break into an encrypted iPhone.

Continue Reading

Without Scalia, Will There Be a 4th Amendment Revolution?

Daniel Solove
Founder of TeachPrivacy

title image

The passing of Justice Antonin Scalia has brought a wave of speculation about current and future U.S. Supreme Court cases.  One area where there might be a significant impact will be the 4th Amendment, which provides the primary constitutional protection against government surveillance and information gathering.  A new justice could usher in a dramatic expansion in 4th Amendment protections against government surveillance.

Continue Reading

A New US-EU Safe Harbor Agreement Has Been Reached

Daniel Solove
Founder of TeachPrivacy

EU-US Privacy Shield Safe Harbor Training

Last year, the death of the US-EU Safe Harbor Arrangement sent waves of shock and despair to the approximately 4500 companies that used this mechanism to transfer personal data from the US to the EU.  But a new day has dawned.

Continue Reading

Can the FBI Force Apple to Write Software to Weaken Its Software?

Daniel Solove
Founder of TeachPrivacy

title image

A dramatic legal battle is taking place that will have dramatic implications for the future of technology, privacy, security, and the extent of government power.  The FBI obtained an order from a magistrate judge to force Apple to develop software to help the FBI break into an encrypted iPhone.

Continue Reading

Privacy Need Not Be Sacrificed for Security

Daniel Solove
Founder of TeachPrivacy

NSA Surveillance

I’ve long been saying that privacy need not be sacrificed for security, and it makes me delighted to see that public attitudes are aligning with this view.  A Pew survey revealed that a “majority of Americans (54%) disapprove of the U.S. government’s collection of telephone and internet data as part of anti-terrorism efforts.”  The anti-NSA surveillance sentiment is even stronger in other countries, as is shown in this chart below.

Pew NSA Surveillance

According to the survey, “74% said they should not give up privacy and freedom for the sake of safety, while just 22% said the opposite.”

As I wrote in my book, Nothing to Hide: The False Tradeoff Between Privacy and Security (Yale U. Press 2011):

The debate between privacy and security has been framed incorrectly, with the tradeoff between these values understood as an all-or-nothing proposition. But protecting privacy need not be fatal to security measures; it merely demands oversight and regulation.

Continue Reading