30 December 2011

Privacy Case Notes

The Office of the Australian Information Commissioner (OAIC), the national agency that incorporates the Commonwealth Privacy Commissioner, has released 13 case notes regarding the Privacy Act 1988 (Cth).

Those notes ("intended to offer a synopsis only and not to be a comprehensive account") are -
S and Telecommunication Company [2011] AICmrCN 13
R and Credit Reporting Agency [2011] AICmrCN 12
Q and Financial Institution [2011] AICmrCN 11
P and Retail Company [2011] AICmrCN 10
O and Professional Association [2011] AICmrCN 9
N and Law Firm [2011] AICmrCN 8
M and Law Firm [2011] AICmrCN 7
L and Insurer [2011] AICmrCN 6
K and Finance Company [2011] AICmrCN 5
J and Commonwealth Agency [2011] AICmrCN 4
I and Insurance Company [2011] AICmrCN 3
H and Registered Club [2011] AICmrCN 2
G and Parking Services Organisation [2011] AICmrCN 1
Highlights are as follows.

In S and Telecommunication Company (re NPP 6.1 and 6.7) the complainant had attempted to access personal information held by a telco, which the person believed included correspondence to a law enforcement agency. The telco relied on its internal privacy policy in its explanation of its decision to deny access, going on to quote exceptions under NPP 6 (ie denial of access to an individual when access would prejudice activities being carried out by, or on behalf of, a law enforcement body) when the complainant pursued the matter.

In R and Credit Reporting Agency (re s 18G(a) of the Act 1988) the complainant became aware the agency had linked the person's consumer credit information file with the credit files of other individuals. The complainant advised the agency that there was no connection to the other individuals. The credit reporting agency refused to remove the links. The Commissioner considered that by linking the complainant's personal information to other individuals the agency had failed to take reasonable steps to ensure the accuracy of information in its records and that the agency had thus not met the requirements of s 18G(a). A conciliation took place.

In Q and Financial Institution (re s 6 and NPP 2.1) the complainant contracted with a buyer to sell his car, which was under finance to a financial institution. The financial institution advised a prospective buyer that the vehicle had been under finance but the account had recently been paid in full. The prospective buyer later obtained a letter from the financial institution confirming receipt of funds to finalise the account; subject to clearance of these funds it would release its security interest in the vehicle in ten working days. In providing this information to the prospective buyer the institution denied disclosing the complainant's personal information, arguing that the letter to the prospective buyer only contained details about the complainant's vehicle and did not mention the complainant's name or account number. The prospective buyer was aware that the complainant owned the car and that the car had been under finance. The fact that the prospective buyer had previous knowledge of these details did not lessen the institution's obligation under NPP 2.1 to only disclose an individual's personal information for the primary purpose of its collection, or for a secondary purpose where it can rely on one of the exceptions at NPP 2.1(a) to NPP 2.1(h). The Commissioner considered that the prospective buyer could have reasonably ascertained that details in the letter related to the complainant's account with the institution; on that basis the letter contained personal information about the complainant, contrary to NPP 2. Conciliation was reflected in the institution's agreement to change its practice, offer an apology and offered a goodwill payment.

In P and Retail Company (re NPP 1.1 and 1.2) the complainant alleged that a retail company recorded outbound calls it made without providing notification of that recording the calls. The complainant objected on the basis that there had been no notification or request for consent. The retailer advised the complainant that there had been notification through its interactive voice response system when the complainant made the first inbound call to the company, claimed as providing awareness and consent. The Commissioner referred to the Telecommunications (Interception and Access) Act 1979 (Cth) - all parties must have actual knowledge that the telephone conversation will be monitored, with notification occurring prior to the activity taking place for both inbound and outbound calls - before indicating that the subsequent calls received by the complainant were a continuation of the original incoming call where notification had been provided. The Commissioner appears to have been unimpressed by the retailer's claim of implied consent. The collection of personal information during such calls was unfair and unlawful, with the retailer failing to comply with NPP 1.2.

In O and Professional Association (re NPP 6.1 and 6.2) the complainant sought access to that person's completed and marked exam paper from a professional association, along with access to the associated documents used to mark and rate performance along with all relevant documentation used in assessment of an application for special consideration. The association (NSW Bar Council?) refused to provide access to most documents, including working papers for marking. The Commissioner considered the exception under NPP 6.2, concluding that access would reveal evaluative information generated in connection with the association's commercially sensitive decision making process and that the association had provided an explanation through its personal analysis letter. The Commissioner declined to investigate the complaint under s 41(1)(a) on the grounds that the association had not interfered with the complainant's privacy.

In N and Law Firm (re NPP 1.2 and 10) the complainant alleged that a law firm improperly collected personal information, including their health information, using covert film surveillance. The law firm was acting for an insurer, with the information being subsequently disclosed during court proceedings. The Commiossioner noted that NPP 10.1(e) allows collection of sensitive information for the establishment, exercise or defence of a legal or equitable claim. In this instance the collection was necessary for the defence of a legal claim; the Commissioner accordingly declined to investigate under s41(1)(a) of the Act.

In M and Law Firm [2011] (re NPP 2) another law firm, acting on behalf of the complainant's former utility provider, commenced debt recovery with the complainant. The complainant subsequently settled the debt and was advised by the utility provider that debt recovery would cease. Oops, prior to receiving advice of the settlement the lawyers sent correspondence to the complainant's neighbour seeking information about the complainant's whereabouts. The branding of the law firm, including on the letter to the neighbour, identified that its legal expertise included debt collection. The complainant complained that the law firm had contacted the neighbour and revealed an outstanding debt. The Commissioner concluded that the correspondence amounted to a disclosure of the complainant's personal information. The complainant would reasonably expect that an organisation would disclose its name, and the complainant's name, to contact a third party in the circumstances, which included the law firm not being able to contact the complainant. Disclosure by the law firm was consistent with NPP 2.1(a); the law firm had not interfered with the complainant's privacy. The Commissioner referred the complainant to the Australian Competition & Consumer Commission to consider whether the debt collection practices were consistent with ACCC debt collection guidelines.

In L and Insurer the Commissioner noted the xemption in s 7B(5) for action under a State contract. The complainant, who had lodged workers compensation claims with two current employers, alleged the insurer disclosed details about a third unrelated compo claim to solicitors handling the claims for the two current employers. The Commissioner considered that, as the appointed claims manager of a state government body, the insurer was a contracted service provider to a state body. Additionally, the insurer had handled the complainant's personal information in relation to the two current workers compensation claims, for the purpose of directly or indirectly meeting its obligations as claims management agent for the state government corporation. The insurer's actions were thus exempt under the Privacy Act.

In contrast, I and Insurance Company (re NPP 3) concerned an insurance company collecting the complainant's personal information from a third party insurance industry database. The complainant was a loss assessor and the insurer was investigating alleged fraud. The complainant's file on the industry database featured multiple enquiry listings about the complainant and inaccurately listed the purpose for those enquiries. The insurer attributed the multiple enquiries to inexperienced staff andagreed that several of the descriptors were inaccurate. The Commissioner found that the insurer had recorded incorrect descriptors against the complainant's personal information and by not using a reference number was unable to verify why it had made the enquiries, or to find the various entries when it needed to correct the information. The insurer had thus not taken reasonable steps to ensure the personal information it disclosed was accurate and complete. In conciliation the insurer's procedures were changed, the complainant's personal information on the industry database was amended and the complainant received an unconditional apology.

In K and Finance Company (re ss 18E and 6 of the Act and para 65 of the explanatory notes to the Credit Reporting Code of Conduct) the complainant claimed to have signed as guarantor for a loan for a family member. The finance company providing the loan to that relative subsequently listed a serious credit infringement on the complainant's consumer credit information file held by a credit reporting agency. A copy of the loan contract obtained by the Commissioner showing the complainant was a joint borrower with the family member rather than a guarantor for the loan and that the complainant was made aware at the time of signing the loan contract that personal information might be disclosed to a credit reporting agency. The financier had sent demand letters to the complainant's last known address, with the mail had been returned marked 'not known at this address'. A collection agent visited the complainant's last known address and reported the complainant was no longer at the address, the complainant's home telephone number had been disconnected, and messages left by the finance company on the complainant's mobile telephone went unanswered. The Commissioner concluded that at the time of the listing the account was overdue, with the finance company having made reasonable efforts without success to contact the complainant. The complainant had stopped making payments under the credit contract and that the actions of the complainant would indicate to a ‘reasonable person' an intention to no longer comply with obligations in relation to the debt. The financier had not interfered with the complainant's privacy.

In J and Commonwealth Agency (re IPP 1, 10 and 11) the complainant claimed that during lodgement of an application with Administrative Appeals Tribunal (AAT) regarding a decision made by an Australian Government agency that agency obtained the complainant's fingerprints and provided them to a law enforcement body for the purpose of analysing certain documents. The agency advised that it had submitted the fingerprints for the sole purpose of having them forensically tested, as part of its duty to check the veracity of documents for an external tribunal. The law enforcement agency confirmed that, in line with its standard procedure, it would destroy the information when advised to do so by the referring agency. The Commissioner concluded that use of the fingerprints was consistent with the purpose for collecting the fingerprints – to check the veracity of documents – and was therefore authorised under IPP 10.

In H and Registered Club (re NPP 1.1, 1.3 and 4.2) the complainant alleged that a registered club interfered with their privacy by scanning their driver licence and, in doing so, recording unnecessary information. The complainant conceded that the club was required to collect their name, address and signature but argued the collection of the other information on the licence (inc date of birth, driver's licence number, driver's licence type and photograph) to be unnecessary. The club relied on statutory obligations to retain certain personal information for five years, stating it had a procedure in place to delete the information after that time. It would not agree to cease or alter its identity scanning practices, instead continuing to offer patrons the option of manually completing and signing its entry register. The club advised that a privacy statement is displayed at its entrance regarding collection and handling of their personal information; the statement is also displayed on the terminal when identification is scanned. The Commissioner decided that the offer of deletion coupled with the alternative option of manual sign-in adequately dealt with the collection issues in the complaint.

In G and Parking Services Organisation (re NPP 1.1, 1.2 and 4.2) the complainant alleged that a parking services organisation had no reason to collect the person's personal information and sought destruction of the information. The parking body had a short business relationship with the complainant and believed it was owed money from that relationship, going on to obtain a subpoena for records held by a state government department. These records contained the complainant's personal information, relating to the complainant. Sounds like the WA problem noted recently. The complainant alleged there was a mistake - there was no debt and it was thus unnecessary for the organisation to collect/hold the personal information. The complainant had not received a response after raising the issue with the parking body. That body indicated to the Commissioner that at the time it collected the complainant's personal information it believed the complainant owed money. It noted that the information was not obtained by deception but through a court subpoena. It went on to note that it later identified that there had been an administrative error: the complaint did not owe a debt. No matter, it seems: when the information was collected from the state government department the organisation believed in good faith that the information was necessary to pursue the non-payment for its services. That received a pat on the head from the Commissioner, which noted that the parking body did not need the complainant's consent before it collected the information, which was necessary for its activities and "was collected by lawful and fair means and not unreasonably intrusively". The Commissioner was similarly persuaded by the body's claim that it was required to keep the complainant's personal information to meet obligations with other laws, including taxation and corporations law. The body had written to the complainant, outlining why it needed to continue to hold the personal information in its records and the timeframe for destruction (ie for at least five years). The case note states that the Commissioner is "satisfied that the organisation had a legitimate reason for retaining the complainant's personal information". The implication seems to be that if you act in good faith in seeking recover a non-exiostent debt you get to keep the data for seven years, rather than apologising for your ineptitude and deleting the info forthwith.

Fou

It is axiomatic that application charges and processing charges have the potential to fundamentally inhibit community use of freedom of information law and thereby reduce both the transparency and accountability espoused by the Commonwealth Government in announcing changes to the Freedom of Information Act 1982 (Cth) last year.

In a conference paper and law journal article earlier this year I highlighted concerns regarding the legislation, arguing that the commitment of many Australian government agencies - and of senior officials - to the 'open government' philosophy was at best uncertain. Enthusiasm, as in the fatuous Gruen Government 2.0 report, for fashionable tools such as Twitter does not offset resistance on the part of Ministers, agency heads and midlevel bureaucrats to letting sunlight into the bowels of public administration. Vampires, watercolours and mushrooms may need to be kept in the dark; the public are made of stronger stuff and should not be.

The absence of FOI application charges and low processing charges is an acceptable cost for the operation of a contemporary liberal democratic state.

Along with closure of National Archives offices it is thus disturbing to see responses by national government agencies to the discussion paper [PDF] released by the Office of the Australian Information Commissioner in October this year. The Commissioner states that -
Fees and charges have always played a central and at times contentious role in the operation of the Freedom of Information Act 1982 (FOI Act).

The policy of the FOI Act is that agencies can impose charges to recoup some of the costs incurred in processing FOI requests. This ability to impose a charge also plays a practical part in the discussions that are held between agencies and applicants about defining and managing the scope of requests.

On the other hand, the FOI Act recognises that charges can impede the exercise by the community of the right to seek access to government documents. A stated object of the Act is that it should be administered 'as far as possible, to facilitate and promote public access to information, promptly and at the lowest reasonable cost'. Agencies also have a discretion under the Act not to impose a charge or to waive or reduce a charge.

FOI charges have figured prominently in much of the debate about the operation of FOI laws in Australia. Some complain that charges are assessed or imposed by agencies so as to frustrate access to government information. Others counter that only minimal charges are collected and that the true cost of FOI to Australian government and the community is understated.

Important legislative changes were introduced in 2010 to the FOI fees and charges regime. Those changes abolished application fees and reduced the charges that agencies can impose.

In introducing those changes, the Australian Government recognised the importance and sensitivity of this step and foreshadowed that the Australian Information Commissioner would be asked to commence a review of the charges regime within a year of these changes commencing.
In its response the Department of Foreign Affairs & Trade (DFAT) - not widely known for its frugality or efficiency - has called for the reinstatement of application fees. That call is echoed by the Department of Resources, Energy & Trade (DRET), which suggests $50 per application for non-personal requests [PDF]. The Department of Finance & Deregulation [RTF] suggests $40. IP Australia proposes a waivable application fee for all requests, personal or otherwise [PDF]. The response by the Department of Prime Minister & Cabinet (fear not, Sir Humphrey Appleby lives!) is a work of silky equivocation rather than leadership.

The agencies acknowledge that historically the cost of collecting the charges has outweighed the revenue; the Defence Department accordingly advises against reinstatement [PDF]. The calls for reinstatement appear to reflect -
• a desire to inhibit unstructured requests
• the failure of agencies to point potential applicants to information in other formats (eg in Hansard, Annual Reports and agency websites
What about processing fees? Not much joy for civil society advocates, journalists and academics from DFAT and DRET. The latter proposes $44.87 per hour for search and retrieval (an increase from the current $15), $59.83 per hour for decision-making (up from $20), $13.16 per page for transcripts (up from $4.40), and $0.30 per page for photocopying.

DFAT has proposed that foreign citizens be charged at a higher rate, citing an applicant from an overseas university who sought documents for an essay, taking up the time of a senior official for two weeks, and paid nothing for the documents after successfully applying for a waiver on financial hardship grounds.

29 December 2011

Offspring

More on frozen gametes, with 'A Chip Off the Old Iceblock: How Cryopreservation Has Changed Estate Law, Why Attempts to Address the Issue Have Fallen Short, and How to Fix It' by Benjamin Carpenter in 21 Cornell Journal of Law & Public Policy (2012) 1-80 arguing that
For thousands of years, the process for determining one’s heirs remained unchanged. For a woman, her heirs were fixed at her death; for a man, his heirs were fixed no later than nine months after his death. Then came cryopreservation and, with it, the ability for individuals to conceive children years after their death. This development has created many — largely unanswered — questions. While posthumous conception implicates numerous moral, ethical, and legal issues, this Article focuses on the legal status of posthumously conceived children in the estate law context.

Despite pleas from both courts and commentators, few legislatures have been willing to tackle this sensitive topic. Most judges and scholars who have addressed it agree the three primary goals of any response should be to ensure the efficient administration of estates, carry out the decedent’s intent, and protect the children’s best interests. However, no consensus has emerged regarding which of these goals should receive priority. These goals need not be mutually exclusive, though, but can each be achieved with appropriate legislation. In this Article, I take a critical look at the statutory and judicial approaches proposed to date, break down the strengths and weaknesses of each, and introduce two new concepts that bridge the gaps in the prior approaches. Specifically, statutes should (1) separate the question of whether a posthumously conceived child is an heir from whether the child will in fact inherit assets, and (2) provide fiduciaries discretion to distribute or retain assets when cryopreserved genetic material exists, based on certain conditions. These improvements will provide flexibility not found in prior approaches and, as a result, advance each of the three key goals. This Article provides legislatures, judges, and commentators who tackle this issue with both a comprehensive historical perspective on the issue and a blueprint to follow going forward.
Carpenter concludes -
Almost ten years ago, Chief Justice Margaret Marshall of the Massachusetts Supreme Judicial Court recognized:
As these [artificial reproduction] technologies advance, the number of children they produce will continue to multiply. So, too, will the complex moral, legal, social, and ethical questions that surround their birth. The questions present in this case cry out for lengthy, careful examination outside the adversary process, which can only address the specific circumstances of each controversy that presents itself. They demand a comprehensive response reflecting the considered will of the people.
To date, Massachusetts‘s legislature has ignored this appeal — as have the majority of legislatures around the country. Instead, they have passed the cost and burden of sorting out these issues to their citizens and courts.

The use of both assisted reproduction and cryopreservation will only continue to increase, however, and the issues they create require the attention of legislatures. Specifically, legislatures should recognize posthumously conceived children as a child of the deceased parent for probate purposes and for class-gift purposes if the decedent consented to the posthumous use of his or her genetic material for reproduction. Denying status in these contexts would neither regulate their parent‘s behavior nor, in most cases, create more efficient estate administrations. Recognizing these children, however, would carry out the decedent‘s intent, a hallmark of probate law, and protect the best interests of the innocent children by allowing them to qualify, at a minimum, for benefits unrelated to the decedent‘s estate (such as Social Security survivor benefits and inheritance through the deceased parent). However, courts should allow fiduciaries or custodians to distribute assets, without liability to themselves or the recipients, if the surviving spouse or partner does not notify them within four months after the decedent‘s death of his or her intent to use the decedent‘s genetic material. Further, the fiduciary or custodian should be free (but not required) to distribute the assets to the presumptive beneficiaries if the child is not born within a certain period of time after the deceased parent‘s death, such as three years. Importantly, though, the failure of the survivor to provide notice or to have the child within this period of time should not affect the child‘s status as an heir. Rather, it should just protect the fiduciary, custodian, and existing beneficiaries. A later-born child would still be eligible to receive other benefits as an "heir" (such as Social Security survivor benefits), to inherit through the decedent, to be a member of a class that remains open after the decedent‘s death, and to share in any assets that remain undistributed when the child is born.

28 December 2011

Broadcast guidelines

As a Christmas present to industry ACMA has released new non-enforceable Privacy Guidelines for Broadcasters [PDF], resulting from the first review of the co-regulatory guidelines introduced in 2005.

ACMA states that -
The new guidelines are principles-based and include case studies based on ACMA investigations into privacy complaints. Further guidance has been developed on invasions of privacy where a person’s seclusion has been intruded upon—whether or not in a public place.

Provisions on consent, children and vulnerable people, public figures, material in the public domain and public interest have also been revised.
The review featured 14 submissions - which identified weaknesses in the wording and basis of the Guidelines - and drew on two thin research reports: Community research into broadcasting and media privacy [PDF] and Australians’ views on privacy in broadcast news and current affairs [PDF] noted earlier this year.

ACMA indicates that -
A breach of these code privacy provisions will be investigated by the ACMA when:
• a code privacy complaint has been made to a broadcaster in accordance with the applicable code
• the broadcaster has not responded within 60 days or the complainant considers the broadcaster’s response inadequate
• a complaint is then made to the ACMA.

These guidelines are intended to
• increase general awareness of the privacy obligations under the various broadcasting codes
• assist broadcasters to better understand their privacy obligations under these codes.

The guidelines deal only with the codes. They do not deal generally with unlawful, unethical or distasteful journalistic practices.

Nor do they deal with privacy and privacy-related laws generally.

Some codes offer express privacy protections only in the context of news and current affairs broadcasts. Other codes offer privacy protections in respect of all broadcast content. Moreover, the privacy protections offered differ.

The precise privacy obligations to which each broadcaster is subject will depend on the terms of the applicable code.

The outcome of any investigation will depend on the facts of the case.
Release of the new Guidelines comes shortly after ACMA's unduly permissive stance regarding a Seven Local News report broadcast that featured photographs of a woman and her family and friends accessed from a Facebook RIP tribute page and a post entered by a 14 year old boy that included his name and Facebook profile photograph. Not a problem, said ACMA.

Open wide?

Data breach déjà vu, yet again, with a breathless report in the Canberra Times that "A website containing credit card details of hundreds of thousands of Canberra motorists has been left exposed to attack by cyber criminals because of lax procedures in the territory's public service".

The article appears to relate to the ACT Auditor-General's annual financial report [PDF].

The CT states that -
An investigation by the ACT Auditor-General's office found delays in the installation of critical security upgrades to the Rego ACT site were not undertaken in a timely manner, creating the risk of ''unauthorised access'', although the Government has not disclosed any security breaches.

The system, used by many of the city's 200,000 motorists to pay their registration fees by credit card, was left vulnerable many times over several years, the auditor's report found. The delays in installing security ''patches'', provided by the system's manufacturer, was part of a litany of weaknesses and gaps in government computer security systems, uncovered during the Auditor-General's annual financial audit process. The report found that password controls on government systems were weak and that security patches not being installed on time was a problem across the ACT Public Service

... the auditors were critical of the performance of both departments in managing the vital system after finding that the problem with the patches had existed for years.

''As in previous years, this system was not being promptly updated for security 'patches' that are regularly provided by the supplier of the system,'' the auditors wrote.

''This presents a higher risk that unauthorised users may exploit any known weaknesses in the system.''

The auditor's office identified security weaknesses across the Government's systems with password management emerging as a problem. ''These control weaknesses result in a higher risk of undetected unauthorised and possibly fraudulent access to the ACT Government network, firewalls, applications and data,'' the report says.

''The ACT Government's password complexity requirements were not fully enforced, some passwords were not 'forced' to be regularly changed, user access levels were not regularly monitored, and some critical 'patches' were not applied.

''This increases the risk of unauthorised, inappropriate and undetected access to the ACT Government network, firewalls, applications and data.''
After the usual flannel a spokesperson for the ACT government is reported as conceding that there was a need to improve confidence in the system and that 'documentation "has now been improved".
The ACT Government's password complexity requirements were not fully enforced, some passwords were not 'forced' to be regularly changed, user access levels were not regularly monitored, and some critical 'patches' were not applied.

This increases the risk of unauthorised, inappropriate and undetected access to the ACT Government network, firewalls, applications and data.

Murderabilia

'Celebrity Contagion and the Value of Objects' [PDF] by George Newman, Gil Diesendruck & Paul Bloom in 38 Journal of Consumer Research (2011) asks "why do people purchase objects that were once owned by celebrities, such as film stars or politicians, and also by despised individuals, such as serial killers and notorious dictators?". The authors examine three potential explanations - mere associations, market demands, and contagion (the belief that these objects contain some remnants of their previous owners) before concluding that although market demands play a role, contagion appears to be the critical factor affecting the valuation of celebrity possessions.
Manipulating the degree of physical contact that a celebrity has with an object dramatically influences consumers’ willingness to purchase it, and individual differences in sensitivity to contagion moderate this effect. Additionally, the valuation of celebrity possessions is principally explained by measures of contagion, and subliminally activating the concept of contagion changes consumers’ willingness to purchase celebrity objects.
They note that -
In 1996, Sotheby’s auctioned roughly 1,300 items from the estate of the late Jacqueline Kennedy Onassis. Before the auction began, Sotheby’s optimistically estimated the value of the entire lot at around $4.6 million. The total yield after 4 days was a staggering $34.5 million (USA Today, April 24, 1996). Some notable items included iconic pieces such as President Kennedy’s rocking chair, which sold for $453,500; his set of golf clubs ($772,500); and the desk on which the president signed the 1963 Nuclear Test Ban Treaty ($1.43 million). Many of the items, however, had little his- torical relevance, yet they still fetched remarkable sums of money, such as a tape measure ($48,875) and a set of books on Cape Cod ($21,850). Clearly, these items generated large prices because of where they had been and whom they had come into contact with, not their tangible properties or func- tional utility. For example, if the buyer of the tape measure discovered that it was actually not from the Kennedy household, he would presumably be outraged and want his $48,875 back, though nothing perceptible or tangible about the object would have changed.

The valuation of celebrity items, however, is not restricted to positively regarded figures, such as JFK. Curiously, there is also a market for items once belonging to hated and despised individuals. For example, items such as Charles Manson’s hair, paintings by John Wayne Gacy, and the personal effects of Saddam Hussein have been sold at specialty auctions, sometimes fetching tens of thousands of dollars per item (Stone 2007). And, recently, the U.S. government auctioned several items that belonged to the notorious fraudulent investor Bernard Madoff, including a footstool, originally listed at $360, which sold for $3,300, and a nondescript bar set, originally listed at $680, which sold for $2,200 (New York Times, November 15, 2010). Why are these objects valued? Do people value objects that belonged to despised individuals for the same reasons they value objects that belonged to well-regarded individuals?

One explanation is that celebrity possessions are valued because of their associations. Objects that were once owned or touched by specific people remind us of those people. This captures the fact that objects associated with admired individuals are positively valued. However, it also predicts that objects belonging to individuals who are explicitly disliked should carry no value at all. A second explanation has to do with intuitions about how these objects are valued by others (their market value). For instance, we might value objects that belonged to celebrities because we believe that there are other people who would later purchase them from us at higher prices or because others would be impressed that we own such things. A third account is rooted in the concept of contagion (Belk 1988; Rozin, Millman, and Nemeroff 1986). This is the belief that a person’s immaterial qualities or “essence” can be transferred to an object through physical contact.

The present studies demonstrate that the mere association of an object with a well-liked individual does not appear to be a significant driver of value. Moreover, while market forces do play a role, contagion appears to be the critical factor affecting the valuation of celebrity possessions. Specifically, we find that manipulating the degree of physical contact that a celebrity has with an object dramatically influences consumers’ willingness to purchase it, and individual differences in sensitivity to contagion moderate this effect. Additionally, the valuation of celebrity possessions is principally explained by measures of contagion, and subliminally activating the concept of contagion changes people’s willingness to purchase celebrity objects. In the remainder of this article we review the previous work on contagion and celebrity possessions and report the results of three experiments that use converging methodologies to test the role of contagion in the valuation of celebrity possessions.

27 December 2011

Memory

'Forgetting Footprints, Shunning Shadows. A Critical Analysis Of The “Right To Be Forgotten” In Big Data Practice' by Bert-Jaap Koops in (2011) 8(3) SCRIPTed 229-256 [PDF] argues that -
The so-called “right to be forgotten” has been put firmly on the agenda, both of academia and of policy. Although the idea is intuitive and appealing, the legal form and practical implications of a right to be forgotten have hardly been analysed so far. This contribution aims to critically assess what a right to be forgotten could or should entail in practice. It outlines the current socio-technical context as one of Big Data, in which massive data collections are created and mined for many purposes. Big Data involves not only individuals’ digital footprints (data they themselves leave behind) but, perhaps more importantly, also individuals’ data shadows (information about them generated by others). And contrary to physical footprints and shadows, their digital counterparts are not ephemeral but persistent. This presents particular challenges for the right to be forgotten, which are discussed in the form of three key questions. Against whom can the right be invoked? When and why can the right be invoked? And how can the right be effected? Advocates of a right to be forgotten must clarify which conceptualisation of such a right they favour – a comprehensive, user-control-based right to have data deleted in due time, or a narrower, context-specific right to a “clean slate” – and how they think the considerable obstacles presented in this paper can be overcome, if people are really to be enabled to have their digital footprints forgotten and to shun their data shadows
Koops comments that -
Looking at the world of Big Data we live in, I tend to believe that the data-deluge genie is out of the bottle. No matter how important the ideal of informational self-determination may be, users will not be able to put it back again. I doubt whether there is sufficient policy urgency in Europe to substantially change data-protection law to give data subjects a full-blown right to have data deleted, and to simultaneously mandate the forgetfulness-by-design that is required to make a right to be forgotten in any way meaningful. However, scholars and policy-makers with a different outlook may feel differently, and aim for devising legal and technical solutions that can address the challenges I outlined for a user-controlled right to be forgotten.

In any case, it is clear that a generic right to be forgotten does not currently exist. There are flavours of such a right in current data protection and sectoral “clean-slate” laws, but the first are limited in strength, the second are limited in scope. Given the different possible conceptualisations and their different foci, anyone who advocates the establishment of a full-blown right to be forgotten must clarify what this right means and how it can be effected. As argued in this paper, considerable obstacles need to be overcome if people are really to be able to have their digital footprints forgotten and to shun their data shadows.
The same issue of SCRIPTed features 'India’s New Data Protection Legislation: Do The Government’s Clarifications Suffice?' [PDF] by Raghunath Ananthapur, who criticises the Data Privacy Rules of 24 August 2011 issued by the Department of Information Technology. The Rules apply to 'sensitive data' of any individual collected, processed, or stored in India via a "computer resource" by a body corporate located in India.

Ananthapur comments that the Department has "sent positive signals by reacting quickly to the Indian outsourcing industry’s concerns by publishing clarifications to the Data Privacy Rules". The clarifications, "while they will certainly benefit the Indian outsourcing industry" are :half baked, and appear to have had, as the objective, exempting third party Indian outsource providers from the compliance with the most controversial provision – 'consent conditions'". Quite so.

In the UK the background briefing for the Protection of Freedoms Bill, which among other matters deals with restraints on biometrics, notes the 'opt in' to disregard convictions for consensual same sex activity (i.e. what has been decriminalised over the past 30 years, albeit might still be addressed under 'public order' and 'offensive behaviour' statutes in the UK and Australia).

The briefing states that -
Chapter 4 of Part 5 contains provisions that will allow individuals with a conviction or caution for an offence under section 12 (buggery) or 13 (gross indecency between men) of the Sexual Offenders Act 1956 (or the corresponding earlier offences or military service offices), involving consensual gay sex with another person aged 16 or over, to apply to the Home Office to have details of that conviction or caution disregarded. 
Consensual sex between men over the age of consent was decriminalised in 1967. Then the age of consent was 21 years, but it was lowered to 18 years in 1994 and to 16 years in 2000. However, details of any historic convictions for consensual gay sex with over 16s continue to be recorded on police records and appear on a CRB criminal record certificates. 
If an application to have a conviction or caution disregarded is granted, the details of that conviction or caution will be removed from the Police National Computer, and any local police or other records, and will no longer be revealed on a CRB certificate. In addition, a person with a disregarded conviction or caution will not have to disclose that conviction or caution to anyone under any circumstances, for example, on a job application or in court proceedings. 
There are estimated to be some 50,000 convictions and cautions recorded on the Police National Computer for section 12 and 13 offences; some 16,000 of these are estimated to relate to behaviour that is now decriminalised.

22 December 2011

Nosey Parkers

Three years ago this month the Western Australia state Transport Minister tabled a government review into the release by the Department for Planning & Infrastructure of private vehicle registration details. That information was provided to two non-government bodies: Wilson Parking and Westralia Airports Corporation.

That review followed criticism that the state government had provided Wilson, the dominant Australian carpark operator, with registration details (including home addresses) regarding 25,522 vehicles that had overstayed their welcome at Wilson's private facuilities. The registrants had not expected the state to provide that information to a commercial body.

As the Minister's statement (Legislative Council Hansard of 9 December 2008, p 1042) indicates, Wilson was billed $75,049.15 by the Department for the personal information. The state government subsequently tried to retrieve the information on several occasions and sought legal advice on how to force Wilson to hand back or destroy the data after what was characterised as "an honest mistake" made by "a junior staff member". Wilson "declined to return the information and subsequently made several unsuccessful attempts to pay the account".

The Department's Acting Minister, Ljiljanna Ravlich, said at the time that Wilson Parking should return the records, rather plaintively explaining that -
Now that it is explained to them that this has arisen due to a very junior person making this mistake then I think that morally they should give that information back.

I am very disappointed that this has happened. I can understand the disappointment of the people that have received these notices, but what I can tell you is that I am doing everything in my power to make sure that this does not occur again.
A Wilson representative demurred, commenting that "We're entitled to be able to, in accordance with the road traffic act, receive this information and then use it commercially to follow up on people who aren't complying with our terms and conditions". no enthusiasm there for changing the Act.

The document tabled by Ravlich's colleague noted a finding by the WA Corruption & Crime Commission (alas not online) that "no misconduct" had occurred. It was accompanied by the Minister's announcement that the department had agreed to implement all of the review’s 34 recommendations, including changes to legislation. He stated that "I will now progress this legislation as a matter of priority" and would fully support bringing about cultural change within the licensing area.

Three years later Wilson, the state government and registrant privacy are again in the news. The SMH reports that -
The confidential details of 10,000 WA drivers have been revealed to a private parking company pursuing customers for unpaid parking fees.

The state government gave the information to Wilson Parking during September and October after the company took action in the Supreme Court to be able to contact a handful of drivers who had parking debts.

The government was ordered by the Supreme Court to make the details available, but rather than only the targeted drivers', 10,031 other drivers' records were sent.
A thousand here, a thousand there ... the numbers soon add up.

Opposition transport spokesman Ken Travers is reported as commenting that the Government had reneged on its 2008 commitment, repeated in 2010, to protect drivers' confidential details.
This is just another example of a government that is quick to grab the headlines but when it comes to action and protecting people it is nowhere to be seen.

It is outrageous for the Barnett Government to not only renege on their promise, but it never informed the public their private details were being released.

If the government intends to release personal information there must be the proper framework in place for managing that information
Travers called for safeguards. He may be waiting some time, given the slow pace of legislative reform, complacency within the government transport/registration agencies and silence on the part of privacy advocates.

Last year Wilson won a WA Supreme Court order for access to the names and addresses of 20 vehicle owners that Wilson argued had not paid its parking breach notices. With that precedent, Wilson was back in court in July this year. The Transport Department was ordered to provide details regarding a further 10,000 motorists, claimed to represent about $600,000 in unpaid breaches.

That action has attracted criticism, given that Wilson does not have the authority to issue fines, instead relying on parking infringement notices under contract law (characterised - delightfully - as not a fine but a "pre-calculation" of Wilson's lost revenue and enforcement costs, ie liquidated damages).

IMS

'Sorrell v. IMS Health: Details, Detailing, and the Death of Privacy' by Ashutosh Avinash Bhagwat in Vermont Law Review (2012) considers the implications of the US Supreme Court’s recent decision in IMS Health v. Sorrell, 131 S. Ct. 2653 (2011).

In IMS Health the Court struck down a Vermont statute that banned the sale or disclosure by pharmacies of information regarding the prescribing habits of physicians, if that information was going to be used for the purposes of marketing by pharmaceutical manufacturers.

Bhagwat indicates that
I consider here an important issue that was raised, discussed, but ultimately avoided in IMS Health: what restrictions does the First Amendment place on the government’s ability to limit or prohibit the disclosure of pure data, in order to protect personal privacy. The issue could be avoided in IMS Health because the specific Vermont statute at issue in that case did not, as it happens, impose a general restriction on data disclosure for privacy reasons, it rather only restricted specific uses of regulated data, in order to advance state interests quite distinct from privacy concerns. The broader question of data regulation, however, is lurking in the wings of this and other litigation, and is likely to pose difficult challenges for courts in coming years, as the spread of the Internet drives legislatures to adopt increasingly stringent privacy laws.

While the IMS Health majority did not decide the data-disclosure issue posed in the case, it did address it in ways that strongly suggest the six justices in the majority would treat such disclosures as fully protected speech. Moreover, the analysis provided in this article demonstrates that the majority’s hints are fully justified by current Supreme Court doctrine. As currently interpreted by the Court, the First Amendment provides full constitutional protection to disclosures of even personal data, and so restrictions on such disclosures must survive strict scrutiny, a standard that has proven almost impossible to satisfy in the First Amendment context. As a consequence, under current law most statutes seeking to protect privacy by prohibiting data disclosure are likely to be invalidated.

In the balance of the article, I suggest that this result reflects a serious weakness in current doctrine, which is the failure to recognize that factual speech is distinct from, and requires different constitutional analysis than, the sorts of political and cultural speech that have traditionally been the mainstay of First Amendment litigation. In particular, drawing on a number of areas of developed law, I argue that speech consisting purely of specific factual data regarding individuals should be considered to be fully protected under the First Amendment only if the speech meaningfully contributes to the process of democratic self-governance. Other data should remain protected, but under a lower standard of scrutiny, perhaps an intermediate standard incorporating an element of balancing. I also briefly explore how different kinds of privacy laws might fare under such an approach.

Anonymous Gametes

'Rethinking Sperm-Donor Anonymity: Of Changed Selves, Non-Identity, and One-Night Stands' by I. Glenn Cohen, forthcoming in Georgetown Law Journal, comments that -
In the United States, a movement urging legally prohibiting sperm-donor anonymity is rapidly gaining steam. In her forthcoming article in this journal, 'The New Kinship', and in her wonderful book, Test Tube Families, Naomi Cahn is among this movement’s most passionate and thoughtful supporters. She argues for mandatory sperm-donor registries of the type in place in Sweden, Austria, Germany, Switzerland, the Australian states of Victoria and Western Australia, the Netherlands, Norway, and, most recently, the United Kingdom and New Zealand. The UK system is typical in requiring new sperm (and egg) donors to put identifying information into a registry and providing that a donor-conceived child “is entitled to request and receive their donor’s name and last known address, once they reach the age of 18.”

In this Article, I explain why the arguments for these registries fail, using Cahn’s article as my jumping off point.

I demonstrate four problems with the arguments she offers for eliminating anonymous sperm donation:
1) Her argument for harm to sperm donor and recipient parents fails in light of the availability of open-identity programs for those who want them, such that she imposes a one-size-fits-all solution where it would be better to let sperm donor and recipients parents choose for themselves.

2) Her argument for harm to children that result from anonymous sperm donation fails for reasons relating to the Non-Identity Problem. This portion of the Article summarizes work I have done elsewhere, most in-depth in 'Regulating Reproduction: The Problem With Best Interests', 96 Minn. L. Rev (forthcoming, 2011), and 'Beyond Best Interests', 96 Minn. L. Rev. (forthcoming, 2012 and up on SSRN soon).

3) She has sub silentio privileged analogies to adoption over analogies to coital reproduction. When the latter analogy is considered, her argument is weakened. I show this through a Swiftian Modest Proposal of a Misattributed-Paternity and One-Night-Stand Registry paralleling the one she defends for sperm donation.

4) The argument may not go far enough even on its own terms in endorsing only a “passive” registry in which children have to reach out to determine if they were donor conceived, rather than an “active” registry that would reach out to them. If we recoil from such active registries, that is a reason to re-examine the reasons in favor of the less effective passive ones.
For the reasons discussed, despite my admiration for this paper and all of Cahn’s work, I am not persuaded by the argument for adopting a mandatory sperm-donor identification registry of the kind in place elsewhere in the world. Indeed, I think these registries should be eliminated, not replicated. At a moment in which the idea of these registries is rapidly gaining popularity and attention in the United States, I hope my dissenting voice will be heeded.
The article is worthy of consideration.

21 December 2011

Vodafail

Past entries in this blog have noted the permissive stance of the national Privacy Commissioner regarding problems with the Vodafone dealer network and - by extension - with poor practice on the part of Vodafone's competitors.

Unsurprisingly, the deficiencies of the co-regulatory regime are evident in the belated response by the Australian Communications & Media Authority (ACMA) to the large scale Vodafone data breach.

The Australian Communications Consumer Action Network (ACCAN) has criticised ACMA's response to "Vodafail" as revealing "deep flaws" in the regulatory regime [PDF] -
Peak consumer body ACCAN says current and ex Vodafone customers will be left shaking their heads today when they discover that, 12 months on, the telecommunications regulator has let the provider off virtually scot-free for the widespread network, complaint-handling problems that plagued Vodafone customers last summer.
ACCAN goes on to comment that -
Following an investigation, the Australian Communications and Media Authority (ACMA) has issued Vodafone with “directions” to comply with the voluntary Telecommunications Consumer Protection Code.

“These ‘directions’ by the ACMA effectively mean what was a voluntary industry Code is now mandatory for Vodafone,” said ACCAN Chief Executive Officer Teresa Corbin.

“There are no fines and no sanctions that the regulator can issue as a result of this investigation, despite its findings of four serious Code breaches by Vodafone, including customer service representatives giving their customers incorrect and inconsistent advice while experiencing widespread network problems, and failing to adequately identify and address systemic complaints.”

“These network problems impacted on millions of Vodafone customers last summer and were it not for the negative publicity generated through the media picking up on the story, Vodafone might have continued to deny there was any.”

“The media in Australia do a great job but we don’t think holding the telecommunications industry to account should be left to journalists, consumer advocates and members of the public
ACMA notes the national telco regulator "has issued directions to two Vodafone companies requiring them to comply with the Telecommunications Consumer Protections Code (TCP Code)" -
‘These directions are intended to make sure Vodafone remains focussed on improving outcomes for its consumers by increasing the regulatory consequences of any further breach,’ said ACMA Chairman, Chris Chapman.

‘Certainly, Vodafone has made positive changes over the course of this year but, from this point on, if either Vodafone company fails to comply with the TCP Code, the ACMA can approach the Federal Court seeking civil penalties of up to $250,000.’
Crunch the numbers, of course, and the penalty of a few cents per customer sounds somewhat less impressive. ACMA has belatedly concluded that Vodafone Pty Limited and Vodafone Network Pty Limited -
• failed to classify and analyse complaints as required by the TCP Code
• failed to provide timely customer information about network performance issues in late 2010
• had poor systems in place for protecting the privacy of customers’ personal details prior to January 2011.
Vodafone and the rest of the industry are no doubt quivering in their boots.

As I indicated in a conference paper last month, large-scale data breaches in Australia will continue to occur as long as regulators lack the will/capacity to impose meaningful sanctions and shoddy practice - such as that evident in the recent Telstra data breach - is excused as normal (thus acceptable) industry practice.

Employment Law

The Commonwealth Minister for Employment & Workplace Relations has announced membership of and terms of reference for the Review of the Fair Work Act 2009 (Cth).

The three person committee - Reserve Bank Board Member John Edwards, former Federal Court Judge the Hon Michael Moore and Professor Ron McCallum AO - is to report by 31 May 2012.

The Minister's media release states that -
The Government believes the Fair Work Act is working well, but there is always room for improvement and I am very pleased these three eminent Australians have agreed to lead the review. They are all highly respected and will bring the level of independence and objectivity required for a review of this nature.

We will of course continue to consult with employer organisations, trade unions, employees, workplace relations experts and peak bodies throughout the review period and beyond.

The Fair Work Act underlines a balanced system for good workplace relations – one that promotes national economic prosperity and social inclusion for all Australians. Real economic prosperity and growth requires fairness and security in the workplace. This review reaffirms the Gillard Government’s fundamental commitment to these aims. ...

The review represents an important opportunity to have an evidence based discussion about the operation of the legislation and the extent to which its effects have been consistent with the Government’s objectives.
The Terms of Reference require the committee toexamine and report on -
The extent to which the Fair Work legislation is operating as intended including
• creation of a clear and stable framework of rights and obligations that is simple and straightforward to understand;
• the emphasis on enterprise-level collective bargaining underpinned by simple good faith bargaining obligations and related powers of Fair Work Australia;
vthe promotion of fairness and representation at work;
• effective procedures to resolve grievances and disputes;
• genuine unfair dismissal protection;
• the creation of a new institutional framework and a single and accessible compliance regime; and
• any differential impacts across regions, industries occupations and groups of workers including (but not limited to) women, young workers and people from non-English speaking backgrounds;
and

Areas where the evidence indicates that the operation of the Fair Work legislation could be improved consistent with the objects of the legislation.
The review will not examine issues to be separately addressed by Fair Work Australia as part of the review of all modern awards (other than modern enterprise awards and state reference public sector moderns awards) after the first two years as required by Fair Work (Transitional Provisions and Consequential Amendments) Act 2009 (Cth) Schedule 5, Item 6.

The Minister indicated that the review will draw on a range of sources regarding the operation of the Fair Work legislation. Key evidence gathering will include -
• the release of a background paper on the Fair Work legislation inviting stakeholders to make a submission to the review;
• meetings with key stakeholders/roundtable discussions to outline their experiences with the Fair Work legislation; and
vthe commissioning of any additional quantitative and qualitative data that may be required.
Qualitative and quantitative data collection to measure the regulatory impact of the legislation will include -
• the Department of Education, Employment & Workplace Relations’ Workplace Agreements Database;
• the Fair Work Ombudsman;
• Fair Work Australia;
• the Australian Bureau of Statistics;
• evidence sources developed by stakeholders; and
• other relevant statistical sources.

20 December 2011

Anonymity

The 43 page 'Lessons Learned Too Well', a paper by Michael Froomkin for the Oxford Internet Institute’s September 2011 conference A Decade in Internet Time: Symposium on the Dynamics of the Internet and Society, "examines, contextualizes, and critiques an international trend towards the regulation of anonymity".

The paper -
describes private incentives and initiatives during the past decade that resulted in the deployment of a variety of technologies and services each of which is unfriendly to anonymous communication. It then looks at three types of government regulation, relevant to anonymity: the general phenomenon of chokepoint regulation, and the more specific phenomena of online identification requirements and data retention (which can be understood as a special form of identification).

The concluding section takes a pessimistic view of the likelihood that given the rapid pace of technical and regulatory changes the fate of online anonymity in the next decade will be determined by human rights law rather than by the deployment of new technologies or, most likely, pragmatic political choices. It therefore offers normative and pragmatic arguments why anonymity is worth preserving and concludes with questions that proponents of further limits on anonymous online speech should be expected to answer.

The consequences of an anonymity ban are likely to be negative. This paper attempts to explain how we came to this pass, and what should be done to avoid making the problem worse.
Froomkin comments that -
There are those who say that in order to be safe we will have to create an infrastructure of mandatory identification. Some, including many of those charged with making decisions for the public’s safety, clearly say it in the best of faith. Other argue, sometimes despite the evidence, that we in the US must do so to protect the profits of an industry important to our trade balance. It is all very well for academics, often living in genteel surroundings, to ask that we not give in to fear, and to reply that before we create a regime that may be persistent and eventually ineradicable we should first ensure that there are no less restrictive means, and that we should consider all the externalities. But that is our job.

Here, then, are a few suggestions for avoiding what could otherwise be an outcome we likely will regret, also based on lessons learned from the past twenty years or so. Several of these concepts are already present in European data protection law, but none of them are legal requirements in the US today.
• Demand evidence of the need for mandatory identification and data retention rules, and insist the rules be proportional to the need.
• Avoid rules that lock technology into law.
• Always consider what an identification rule proposed for one purpose can do in the hands of despots.
• Empower user self-regulation whenever possible rather than chokepoint regulation.
• Design filters and annotators before designing walls and takedown mechanisms.
• Require transparency. Make it an offense for devices to make records without clear, knowing, and meaningful consent on the part of the speaker, reader, listener, or viewer.
• Build alternatives in technology and law that allow people to control how much their counterparts know about them, and which by making selective release of information easier reduce the need for a binary choice between anonymity or data nudity.
• Require that privacy-enhancement be built in at the design level.
Those who disagree with these suggestions worry, with some reason, about new technology undermining the powers of states and sovereigns. Why is allowing people to speak freely to each other, without fear of eavesdroppers or retaliation, such a terrible thing? After all, most core government powers, like the power to tax, will not in fact be undermined in any substantial way by unfettered communication so long as we still need to eat and we want physical things such as houses. The issues are the same ‘four horsemen’ they have been for many years: fear of terrorism, money-laundering, child pornographers and drug-dealers, to which one might add in some countries, revolutionaries.

The flip side of these fears is the recognition that even if the power to speak freely and privately is sometimes misused, it is also empowering. Communicative freedom allows people to share ideas, to form groups, and to engage not just in self-realization, but in small scale and even mass political organization. Here then is the most important lesson to be learned, but one that needs to be learned over and over again:
Protections for anonymous speech are vital to democratic discourse. Allowing dissenters to shield their identities frees them to express critical, minority views . . . Anonymity is a shield from the tyranny of the majority.
The Internet and related communications technologies have shown a great potential to empower end-users, but also to empower firms and especially governments at their expense. Governments (and firms) around the world have learned this lesson all too well, and are taking careful, thorough, and often coordinated steps to ensure that they will be among the winners when the bits settle.

The thing to watch out for, therefore, is whether we, and especially those individuals already burdened with repressive regimes, will be among the winners also.

Transparency

'WikiLeaks: The Illusion of Transparency' by Alasdair Roberts in International Review of Administrative Sciences, (2012) reaches the unremarkable conclusion about wikileaks transcendentalism. He comments that -
It has been said that the 2010 WikiLeaks disclosures marked "the end of secrecy in the old fashioned, cold-war-era sense." This is not true. Advocates of WikiLeaks have overstated the scale and significance of the leaks. They also overlook many ways in which the simple logic of radical transparency - leak, publish, and wait for the inevitable outrage - can be defeated in practice. WikiLeaks only created the illusion of a new era in transparency. In fact the 2010 leaks revealed the obstacles to achievement of increased transparency, even in the digital age.
Roberts argues that -
The WikiLeaks program is politically naive. It is predicated on the assumption that the social order -- the set of structures that channel and legitimize power -- is both deceptive and brittle. Deceptive, in the sense that most people who observe the social order are unaware of the ways in which power is actually used; and brittle, in the sense that it is at risk of collapse once people are shown the true nature of things. As Assange said in December 2006:
[I]n a world in which leaking is easy, secretive or unjust systems are nonlinearly hit relative to open, just systems. ... [M]ass leaking leaves them exquisitely vulnerable to those who seek to replace them with more open forms of governance (Assange 2006b).
The primary goal, therefore, is revelation of the truth. In the past it has been difficult to do this, mainly (it is assumed) because primitive technologies made it difficult to collect and disseminate damning information. But now these technological barriers to revelation are gone.

None of this is right. There is no such thing, even in the age of the internet, as the instantaneous and complete revelation of the truth. In its undigested form, information has no ransformative power at all. Raw data must be distilled; the attention of a distracted audience must be captured; and that audience must accept the message that is put before it. The process by which this is done is complex and easily swayed by commercial and governmental interests. This was true before the advent of the internet and remains true today. Moreover it is not clear that the social order is either deceptive or brittle. We might even say that WikiLeaks proved the reverse: that what was in fact going on behind the curtain was more or less what most people had suspected and were prepared to tolerate. Perhaps for this reason, revelations were not destabilizing. There does not appear to be any fundamental way in which these disclosures have changed realities about the exercise of American power abroad.

The diplomatic and national security apparatus of the United States government employs millions of people and consumes perhaps a trillion dollars annually. Its internal architecture -- a mass of laws, regulations, treaties, routines and informal understandings -- was built up over three-quarters of a century and is now extraordinarily complex. Little of this happened in secret. Most of the critical decisions about the development of American foreign policy, and about the apparatus necessary to execute that policy, were made openly by democratically elected leaders, and sanctioned by voters in thirty national elections.

None of this is meant to deny the need for stronger accountability, and thus increased transparency, for the diplomatic and national security apparatus. Precisely because of the scale and importance of this sector of American government, it ought to be subjected to close scrutiny. Existing oversight policies are inadequate and ought to be strengthened. The monitoring capacity of journalists and other nongovernmental organizations must be enhanced. And citizens should be encouraged to engage more deeply in debates about the aims and methods of U.S. foreign policy. All of these steps involve hard work. There is no technological quick fix. A major difficulty with the WikiLeaks project is that it may delude us into believing otherwise.

19 December 2011

Convergence and other Reviews

We're still imbued by the deregulatory zeitgeist, judging by the 22 page interim report [PDF] of the Australian Government's Convergence Review, concerned with "the policy and regulatory frameworks that apply to the converged media and communications landscape in Australia". The review is independent of the concurrent Independent Media Inquiry being undertaken by Finkelstein and Ricketson.

In summary, the interim report (for public comment by early February) emphasises reduced regulation, recommending -
• a platform-neutral regulatory framework focused on the new concept of Content Services Enterprises
• a new independent regulator for communications in the digital economy
• removal of content-related licenses
The key recommendations are -
A platform-neutral regulatory framework focused on the new concept of Content Service Enterprises

The regulatory framework should centre on entities classified as ‘Content Service Enterprises’. The technology-neutral definition of a Content Service Enterprise would be set intentionally high and should include threshold criteria relating to the scale and nature of entities supplying content services.

A new independent regulator for content and communications in the digital economy

A new independent regulator for content and communications that operates at arms-length from government and industry. The regulator should have flexible powers to make rules within the principles and policy frameworks established by legislation.

Removal of content-related licenses

Content licences should no longer be required to provide a content service.

New diversity and competition arrangements

The minimum number of voices rule in a local market should be revised to include all Content Service Enterprises. This new rule could cover entities such as national newspapers, subscription television and online providers, where they qualify as a Content Service Enterprise.

A public interest test should be developed to ensure that diversity considerations are taken into account where Content Service Enterprises with significant influence at a national level are involved in mergers or acquisitions.

The new regulator should be given broad and flexible powers to issue directions and make rules in order to promote fair and effective competition in content and communications markets.

Reform of spectrum planning and allocation arrangements

The government should develop a common and consistent approach to the allocation and management of both broadcasting and non-broadcasting spectrum. This approach will separate most existing content-related obligations of broadcast enterprises from licenses to use spectrum.

New platform-neutral Australian content arrangements

All Content Service Enterprises that provide audio-visual content, whether linear or non-linear, should be required to support Australian content. This could be done by either:
• Committing a percentage of total program expenditure to producing specified Australian content, or where this is not practicable,
• Contributing to a converged content production fund.
Commercial free-to-air (FTA) television broadcasters will eventually fall under the Content Service Enterprises arrangements. Transitional measures for commercial FTA television broadcasters include:
• 55% Australian content quota on the main channel to continue in the interim
• Some increase in Australian sub quota content obligations should be flexibly applied to reflect the two additional channels each broadcaster currently operates without content requirements.
Promotion of local content and community broadcasters

Commercial FTA broadcasters using spectrum should continue to devote a minimum amount of programming to material of local significance. A more flexible compliance and reporting regime for this content should be implemented.
Community broadcasters and local content providers should be encouraged to explore innovative ways to deliver local content, including on new delivery platforms.

Reinforcing the role of public broadcasters

The ABC and SBS charters should expressly reflect their range of existing services, including online activities. This will give commercial operators increased certainty about the boundaries of public broadcaster activities. Australian content quotas should apply to public broadcasters.
The interim report could usefully be read in conjunction with Malcolm Turnbull's recent lecture on 'Politics, Journalism and the 24/7 News Cycle' [PDF] at Melbourne University's Centre for Advanced Journalism.

The Productivity Commission, sea-green incorruptibles all, has concurrently released a report on Identifying and Evaluating Regulation Reform [PDF].

The Commission was asked to -
1. examine lessons gathered in Australia and overseas in reviewing regulation, identifying regulatory reform opportunities and priorities, and evaluating regulation reform outcomes.

2. build on such lessons to analyse possible frameworks and approaches for identifying poorly performing areas of regulation and regulatory reform priorities, and both qualitative and quantitative methods for evaluating regulation reform outcomes

3. In proposing enhanced frameworks and approaches to identify poorly performing areas of regulation and regulatory reform priorities, and methods for evaluating reform outcomes, to
• seek public submissions and consult with interested parties as necessary
• have regard to any other relevant current or recent reviews commissioned by Australian governments’ and
• have regard to the assessment of the OECD in its 2009 Review of Regulatory Reform in Australia — Towards a Seamless National Economy that there is likely to be limited scope for gains to regulatory quality through a further tightening of existing processes.
Its report indicates that -
The regulatory system should ensure that new regulation and the existing ‘stock’ are appropriate, effective and efficient. This requires the robust vetting of proposed regulation; ‘fine tuning’ of existing regulations and selecting key areas for reform. It also requires that these be performed in a coordinated and cost-effective way, with political leadership a key factor in all this.

There is a range of approaches to reviewing existing regulation and identifying necessary reforms. Some are more ‘routine’, making incremental improvements through ongoing management of the stock; some involve reviews that are programmed, and some are more ad-hoc.

Designed for different purposes, the techniques within these three categories can complement each other, though their usefulness varies.
• Among ‘management’ approaches, red tape targets can be a good way to commence a burden reduction program. But ‘one-in, one-out’ rules have more disadvantages than advantages. Regulator practices can play a key role in compliance burdens, with scope apparent for improvement.
• Reviews embedded in legislation can usefully target areas of uncertainty. Sunsetting can help eliminate redundant regulation and ensure that re-made regulation is ‘fit for purpose’, but requires good preparation. Post implementation reviews, triggered by the avoidance of a regulation impact statement, are an important failsafe mechanism but need strengthening.
• Public stocktakes cast a wide net and can identify cross-jurisdictional and cumulative burdens. Reviews based on a screening principle, particularly the competition test, have been highly effective and could be extended. In-depth reviews are best for identifying options for reform in more complex areas, while benchmarking can point to leading practices.
Good design features vary for the individual techniques, but all require sound governance and effective consultation. For significant reviews, public exposure of preliminary findings is a key success factor.

While Australia’s regulatory system now has the necessary institutions and processes broadly in place, there remains scope for improvement in:
• prioritisation and sequencing of reviews and reforms — with greater attention paid to the costs of developing and undertaking reforms
• monitoring of reviews and the implementation of reforms
• advance information to achieve better focused consultations
• incentives and mechanisms for good practice by regulators — with a further review needed to identify the best approaches
• building public sector skills in evaluation and review.

18 December 2011

Bioethics

University of Pennsylvania bioethicists Lance Wahlert & Autumn Fiester have argued for a queer bioethics, noting claims that bioethics has to be reconceptualised to challenge the status quo, include the disadvantaged and encourage self-reflection among practitioners.

Their 'Queer Bioethics: Why Its Time Has Come' in 26(1) Bioethics (2011) calls for a bioethical analysis that accommodates LGBTQI (lesbian, gay, bisexual, transgender, queer, and intersex) people -
Queer bioethics requires us to take a two-fold approach: (1) We must pay greater attention to the topics, identities, and issues that are blatantly queer, for the service of queer persons; and, (2) We must examine the most common, the most pedestrian, and the most germane of universal health issues (those we wouldn't even instinctively think of as 'queer') and imagine how they might be complicated or rendered troubling by the injection of queer personhood."
Unfortunately the call does not feature a coherent agenda ... it would be useful to move beyond exhortations that "The time for queer bioethics is now". The authors state that -
LGBTQI bioethics, what we call ‘queer bioethics,’ meets all of the demands made by the discipline’s critics. It places the ‘less powerful’ center-stage; it chal- lenges the status quo and the presumptive legitimacy of the normative; it employs powerful intellectual resources from neighboring fields (queer theory, disability studies, medical humanities, and the history of medicine); and, it challenges our complacency in the face of injustice and discrimination in medical encounters, systems, and policies. Given a parallel urgency to the other topics that critics press us to address, the time for queer bioethics is now.
They comment that -
to address and to redress the topics that speak to queer bioethics is to do more than just highlight and collate a list of LGBTQI issues that need attention. This is certainly an indispensable aim of a queering of bioeth- ics; but it does not go far enough. A far loftier goal is to outline how doing queer bioethics constitutes more than expanding the canon of bioethical topics to include queer ones. Rather, queer bioethics mandates a change in both the topical and the methodological approaches to queer identity. To address the former, we maintain, of course, that we must make bioethicists pay greater attention to the ‘queer’ (as a noun) – the persons, identities, and LGBTQI health care matters central to the population in question. But we must also be mindful of the latter by encouraging bioethics to ‘queer’ itself (as a verb) – whereby otherwise non-queer subjects are considered for their sexual variations, are distorted to envision an appre- ciation that is not hetero-normative, and are re-imagined such that conventional notions and readings of patient selfhood (especially sexual- and gender-related ones) face directly the perils of marginalization and stigmatization.
They conclude that -
When it comes to gay, bi, trans, and intersex persons and patients, then, we have to ask multiple questions that might explain the field’s silence – or maybe even its avoid- ance of these persons altogether. Are queer patients being deemed ‘less sympathetic’ or perhaps ‘guilty’ in some unspoken way? Are they somehow read as distasteful and even culpable within the bioethical gaze for their indi- vidual gayness, seropositivity, gender nonconformity, or non-traditional family structures? Have we conflated, in particular in the wake of AIDS, a cultural notion of contagion with the very idea of queerness? In other words, is there an unacknowledged concern that, by showing an interest in queer matters, bioethicists are apprehensive to ‘out’ themselves – not just as queer, but also, more broadly, as queer-invested?

17 December 2011

Reputation

SSRN has released Mark Davison's 'Reputation in Trade Mark Infringement: Why Some Courts Think it Matters and Why it Should Not' - published in 38 Federal Law Review (2010) 231.

Davison comments that -
Australian case law on infringement of registered trade marks has placed an increasing emphasis on the reputation of the owner of the registered trade mark in determining whether infringement has occurred. Consideration of the trade mark owner's reputation has been included in determining whether the sign used by the defendant is deceptively similar to the registered trade mark and, more recently, in determining whether the defendant has used its allegedly infringing sign 'as a trade mark'. Neither development is consistent with either the law relating to registered trade marks or the underlying policy reasons for the system of registration. This article discusses the case law which has introduced the tendency of the courts to consider the reputation associated with an owner of a registered trade mark in determining infringement proceedings, the reasons why such an approach is not consistent with the legislation nor with the rationale underlying our registered trade mark system.

In particular, one of the objectives of the registered trade mark system is to provide a bright line that delineates the property rights of the registered owner. The bright line is publicly available information as to who has the rights in a trade mark and what those rights are. These rights are defined by reference to the act of registration, not by reference to the rights to protection of the reputation of the registered owner conferred by a passing off action which are independent of the rights flowing from registration. Consequently, if the rights conferred by registration are diminished or enhanced by reference to the trade mark owner's reputation, the exercise of delineating the rights of the owner in advance would be rendered nugatory to the extent that they are so diminished or enhanced. For that reason alone considerable caution should be exercised before introducing evidence of a trade mark owner's reputation in the process of determining whether its trade mark has been infringed.
He offers five conclusions -
First, the reputation of a registered owner is never relevant to the question of use of a sign as a trade mark by a defendant. The decisions to the contrary are simply wrong.

Second, the only circumstance in which the reputation of the registered owner may be relevant to the issue of deceptive similarity is where judicial notice of that reputation is, and can be taken. Consequently, evidence on the point is neither required nor even permissible for this purpose. The circumstances in which such judicial notice will be taken will be very limited.

Third, extreme care must be taken to identify which aspect of the trade mark owner's judicially noticed reputation will be taken into account. In particular, the relevant reputation must be the reputation of the registered trade mark, not other aspects of the trade mark owner's reputation. Otherwise, the inquiry becomes a general one relevant to passing off actions but not relevant to trade mark infringement proceedings.

Fourth, the extremely limited circumstances in which reputation may be relevant and the tendency to incorrectly rely on aspects of reputation not based on components of the registered trade mark, coupled with the far greater importance of other aspects of the comparison of the allegedly infringing sign and registered trade mark, suggests that the starting point of courts should be to ignore reputation altogether in considering trade mark infringement issues. At best, reference to reputation should be an extremely rare event.

Fifth, all of the above conclusions are not only consistent with, but required by, both the wording of the trade marks legislation and the underlying policy objectives. The act of registration alone should define the rights of a registered owner. By doing so, there is both an incentive to register and a corresponding incentive to contribute to a system which is more transparent than the protection of common law trade marks. The introduction of considerations of reputation into determining trade mark infringement unnecessarily complicates litigation and understanding of the positions of trade mark owners.

16 December 2011

Hatespeech

In Monis v R; Droudis v R [2011] NSWCCA 231 the Supreme Court of New South Wales, Court of Criminal Appeal has determined that the offence of using a postal service to offend - within s 471.12 of the Criminal Code 1995 (Cth) - does not infringe upon the implied constitutional freedom of political communication.

The Court held that although the law effectively burdens the freedom, it does so in a way which is consistent with the maintenance of the system of government prescribed by the national Constitution. The law would only be breached if a person mindful of the robust nature of political debate, and considerate of the accepted boundaries of that debate, would conclude that the use of the postal service was offensive.

Man Haron Monis (aka Sheik Haron) had appealed against conviction regarding multiple indictments of using a postal or similar service to menace, harass or cause offence. He was charged with 12 counts of using a postal service, (ie Australia Post)in a way that a reasonable person would regard as being, in all the circumstances, offensive contrary to s 471.12 of the Criminal Code 1995 (Cth). He was also charged with one count of using a postal service, Australia Post, in a way that reasonable persons would regard as being, in all the circumstances, harassing contrary to s 471.12 of the Code .

In April Monis he unsuccessfully sought to have the case dismissed in the NSW District Court. The charges in R v Monis; R v Droudis [2011] NSWDC 39 reflect the allegation that he had sent offensive letters to the wives and families of Australian soldiers who died in Afghanistan and to the family of a trade official who died in last year's Jakarta bombing. Copies were also allegedly sent to the Defence minister, Prime Minister and Opposition Leader. Monis unsuccessfully argued the charges were invalid because they infringed on the implied constitutional freedom of political communication.

Tupman DCJ in rejecting that argument identified factors considered in determining whether the Act is appropriate and adapted to achieve its legitimate end. Those factors include -
That the impact on political and governmental communications of S471.12 is only indirect and incidental. The intention of the provision, particularly viewed in the light of its legislative history, is broadly to prevent public postal services being used to disseminate more generally offensive material, not to regulate or limit dissemination of political and governmental communication through the post.

That it is a provision giving rise to a criminal sanction.

That this provision may have a chilling effect on political communication because its limits are uncertain and might amount to massive overreach to achieve its legitimate ends, leading to the risk of selective prosecution.

That in terms there are no defences for an offence committed under the section, but this I accept is subject to the important qualifying words in the section ' ... that reasonable persons would regard as being, in all the circumstances ...' .

That this is a provision enacted post Lange so that it can be inferred that the legislature did not intend the section to catch postal communications which are genuinely political or governmental communications in their true context, but rather that it apply to communication that is offensive in a way that goes beyond its relevance to political debate or beyond its political purpose.

That any impact on the implied freedom is limited by the fact that, if at all, it applies only to postal services, and that representative government and political discourse which underpins democratic and representative government is not broadly affected by the provision.

Significantly in my view are the words appearing in the Section, ' ... that reasonable persons would regard as being, in all the circumstances ...' as a qualifier of the term 'offensive' . This is not just relevant to a construction of the term 'offensive' but is important because it means that the law is not unqualified or unlimited in its operation, which was a matter Justice McHugh considered important in determining the validity of the disputed provision in Coleman v Power. These qualifying words would in my view allow the tribunal of fact to determine the context in which the postal service was used by an accused person, including the intended identity of the recipient of a postal communication, any circumstances surrounding that person and his or her receipt of such an article, the circumstances of the accused including it seems to me his state of mind and the extent to which that might be genuinely reflected in the content of the communication, contemporary debate about current political issues, contemporary values about political debate in a robust democracy and similar maters concerning the circumstances in which such a communication is made."
The Court of Criminal Appeal earlier this month unanimously endorsed the rejection of the request to dismiss the charges, commenting that "Whilst at one level the letters are critical of the involvement of the Australian military in Afghanistan, they also refer to the deceased soldiers in a denigrating and derogatory fashion". It indicated that people had a right to expect that communications that arrived at their home or office would not "undermine or threaten a legitimate sense of safety or security of domain".

The Attorney General, intervening in support of the respondent, supported the construction of the word "offensive" found by the primary judge. He pointed out that it would not be expected that a section creating a criminal offence with a maximum penalty of two years would be created for behaviour that was trivial or minor such as merely hurting or wounding feelings. He submitted that because the word was associated with menacing and harassing, it connoted behaviour likely to arouse significant emotional reactions of a similar nature.
The Attorney General also pointed to the fact that the use of the postal service related to the method of use as well as the content of the communication. He submitted that this demonstrated that one of the purposes of the legislation was to protect the integrity of the post.

The Solicitor General who appeared on behalf of the Attorney General did not seek to support the submission made by the respondent that the first of the two questions posed by Lange should be answered in the negative, but submitted that the legislation was reasonably appropriate and adapted to secure a legitimate end compatible with the maintenance of a system of representative and responsible government. He pointed to the fact that the question was not whether the choice made by parliament in enacting the legislation was preferable or desirable but rather whether it was reasonable. He also drew the distinction between laws that have as their purpose the restriction of communication on governmental or political matters and those that merely affect such communications incidentally. He submitted that the law in question in the present case fell into the latter category and, as the limiting effect was incidental and unrelated to the political nature of the communication, an affirmative answer to the second question posed by Lange was unlikely.

The Solicitor General submitted that in those circumstances the primary judge was correct in her conclusion, particularly having regard to the fact that for there to be a contravention, the communication must be offensive to a reasonable person in all the circumstances.
The appeal by Monis's co-accused, Amirah Droudis, charged with eight counts of aiding and abetting the sending of the letters, was also dismissed.

The Ausralian jurisprudence differs from that in the US, where speech that is offensive but does not involve threats has received greater protection. A salient example is expression by adherents of the Westboro Baptist Church, infamous for homophobic protests at the funerals of US military casualties. That hatespeech is discussed in works such as 'Not Your Mother's Remedy: A Civil Action Response to the Westboro Baptist Church's Military Funeral Demonstrations' by Chelsea Brown in 112 West Virginia Law Review (2009), 'The First Amendment Right Against Compelled Listening' by Caroline Corbin in 89 Boston University Law Review (2009) 939, 'The Respect for America's Fallen Heroes Act: Conflicting Interests Raise Hell with the First Amendment,' by Rebecca Bland in 75 University of Missouri-Kansas City Law Review (2006-2007) 523 and 'The Constitutionality of Let Them Rest in Peace Bills: Can Governments Say Not Today, Fred to Demonstrations at Funeral Ceremonies' by Katherine Ritts in 58(1) Syracuse Law Review (2007-2008) 137.