PRIVACY + SECURITY BLOG

News, Developments, and Insights

high-tech technology background with eyes on computer display

The Privacy Act, Data of Milking, and the Milking of Data

Milk

Over at choof.org, my friend Chris Hoofnagle (Director, Electronic Privacy Information Center West Coast Office) points out a rather unusual new government database consisting of lactating mothers participating in the “Workplace Lactation Program.”  This database is regulated by the Privacy Act of 1974, which requires that the government provide notice in the Federal Register about its plans for the database and how the data will be used.  According to the notice, the data will include the “[p]articipant’s name, employing office and office symbol, work and home telephone numbers, signed agreement forms, dates and times of lactation room use, and physician’s approval slips and forms (if applicable).”

Continue Reading

Journalist Privilege and the Valerie Plame Case

Journalist Privilege

Almost lost amid the Supreme Court fireworks last week was its decision to deny certiorari on a challenge by two reporters to a grand jury subpoena for the identity of White House sources.

The imbroglio began back in 2003, when former Ambassador Joseph Wilson disputed White House claims about weapons of mass destruction in Iraq. How outrageous! To retaliate, some White House officials leaked to several reporters the fact that his wife, Valerie Plame, was a CIA agent, blowing her cover. Among the journalists receiving the information was the conservative pundit Robert Novak as well as Time Magazine reporter Matthew Cooper and New York Times reporter Judith Miller.

Continue Reading

Of Privacy and Poop: Norm Enforcement Via the Blogosphere

Dog Poop Girl

By way of BoingBoing comes this fascinating incident in Korea. A young woman’s dog pooped inside a subway train. Folks asked her to clean it up, but she told them to mind their own business. A person took photos of her and posted them on a popular Korean blog. Another blogger, Don Park, explains what happened next:

Continue Reading

Josef K. – Justice Denied. Again.

Kafka The Trial

Judge Alex Kozinski and his law clerk, Alexander Volokh recently published an opinion by a panel on U.S. Court of Appeals for the 9th Circuit in a law review article.  The article is called The Appeal, 103 Mich. L. Rev. 1391 (2005).  The judges on the panel were Judges Alex K., Bucephalus, and Godot.  No reason is given for the inexplicable delay, as the case was argued and submitted in 1926 but not decided until 2005.  And no reason is given why the opinion was published in the Michigan Law Review rather than in the Federal Reporter.  Shame on the panel!

Continue Reading

If It’s Against Your Privacy Policy, Just Change It

Social Security Administration

According to an article in the NY Times, documents obtained by the Electronic Privacy Information Center from the Social Security Administration (SSA) reveal that the SSA disclosed personal information in response to FBI requests after 9-11:

Continue Reading

Libraries, Privacy, and Law Enforcement

Library

According to an NYT article:

Law enforcement officials have made at least 200 formal and informal inquiries to libraries for information on reading material and other internal matters since October 2001, according to a new study that adds grist to the growing debate in Congress over the government’s counterterrorism powers.

In some cases, agents used subpoenas or other formal demands to obtain information like lists of users checking out a book on Osama bin Laden. Other requests were informal – and were sometimes turned down by librarians who chafed at the notion of turning over such material, said the American Library Association, which commissioned the study. . . .

The Bush administration says that while it is important for law enforcement officials to get information from libraries if needed in terrorism investigations, officials have yet to actually use their power under the Patriot Act to demand records from libraries or bookstores. . . .

The study does not directly answer how or whether the Patriot Act has been used to search libraries. The association said it decided it was constrained from asking direct questions on the law because of secrecy provisions that could make it a crime for a librarian to respond. Federal intelligence law bans those who receive certain types of demands for records from challenging the order or even telling anyone they have received it. . . .

The study, which surveyed 1,500 public libraries and 4,000 academic libraries, used anonymous responses to address legal concerns. A large majority of those who responded to the survey said they had not been contacted by any law enforcement agencies since October 2001, when the Patriot Act was passed.

But there were 137 formal requests or demands for information in that time, 49 from federal officials and the remainder from state or local investigators. Federal officials have sometimes used local investigators on joint terrorism task forces to conduct library inquiries. . . .

Continue Reading

TSA’s Broken Promise About Secure Flight

TSA

Remember CAPPS II, the program for screening airline passengers by using databases of personal information?  This program was scrapped because the Transportation Security Administration (TSA) of the Department of Homeland Security (DHS) was concerned that it posed an increasing threat to privacy and civil liberties.  Replacing CAPPS II was the nicely-monikered “Secure Flight.”  (EPIC’s website has a good history and set of links about the history of the program.)  After names like Carnivore and Total Information Awareness, government officials have learned to rename things with soothing happy titles.   Secure Flight was to be a kindler, gentler version of CAPPS II, with more limited uses of information and with more limited information gathering and retention.  Privacy advocates were skeptical of Secure Flight, but TSA insisted that Secure Flight was genuinely nicer, not just nicer in name.  According to TSA’s final order on its testing of Secure Flight:

Continue Reading

How HIPAA Was Undermined

HIPAA

The Office of Legal Counsel (OLC) of the DOJ has issued a highly suspect interpretation of the original HIPAA that seriously undermines the enforceability of HIPAA.

Some background: In 1996, Congress Passed the Health Insurance Portability and Accountability Act (HIPAA).  The Act, at 42 U.S.C. § 1320d-6, provided in part for the protection of medical privacy – although it left the specific details to the Department of Health and Human Services (HHS) to establish via a rulemaking.  HIPAA contained civil and criminal penalties for when:

A person who knowingly and in violation of this part–

(1) uses or causes to be used a unique health identifier;

(2) obtains individually identifiable health information relating to an individual; or

(3) discloses individually identifiable health information to another person

Continue Reading