11 January 2014

Geolocation, surveillance and smart vehicles

The New York Times, in an article about 'in-car surveillance', features a classic own goal -
Jim Farley, Ford Motor Company’s top sales executive, who is known for making off-the-cuff comments, told a panel at the CES: “We know everyone who breaks the law. We know when you’re doing it. We have GPS in your car, so we know what you’re doing.” Although he quickly added, “By the way, we don’t supply that data to anyone,” and later issued a full retraction, the comments, even if overblown and meant to be provocative, fueled the concerns. 
Ouch.

The article notes that senators John Hoeven and Amy Klobuchar are about to introduce a bill stipulating that US car owners control the data collected on vehicle event data recorders, which will be mandatory from September 2014 and which collect data such as direction, speed and seatbelt use in a continuous loop.
The data collected by the black box has already been the center of litigation by law enforcement agencies and insurance companies seeking to use the information against car owners. The bill would limit what the data could be used for and would require a warrant to release the data without the owner’s consent.
Khaliah Barnes of the Electronic Privacy Information Center is quoted as commenting that vehicle owners should be able to request and delete at their discretion the information recorded by manufacturers. “Consumers should decide what level of surveillance they want to be under. None of that should be on default. You should have to opt in.”
At the CES, G.M. introduced a new camera in the 2015 Corvette Stingray designed to give track enthusiasts real-time feedback on their driving. The performance data recorder, as it is called, uses a camera mounted on the windshield and a global positioning receiver to record speed, gear selection and brake force.
The Corvette’s system goes further than traditional black boxes.
A camera mounted on the windshield records the driver’s point of view and a microphone in the cabin records any noises made in the car.
Chevrolet said that the consumer owned the data, which is collected in a digital card housed in the glove compartment.
But privacy lawyers say that the information can still be used against a driver, as well as G.M. and its suppliers, in litigation or by an insurance company investigating a driver’s habits. . . .
Garmin introduced a new windshield-suctioned camera that turns on automatically when the car starts. It records wide-angle footage as well as speed, location and time in the event of a collision, and also has a microphone that can record sound from within the car.
“We hope it takes some of the ‘he said, she said’ out of an incident in your car,” said Ted Gartner, a spokesman.
He said the device’s owner also owned the data and that Garmin could not access it.
“There’s no way that we have access to that data because there’s no way to transfer the data out of the car wirelessly,” Mr. Gartner said. 
The Times notes this week's Government Accountability Office report, requested by Senator Al Franken.

The report found that the 10 automakers, navigation device manufacturers and application developers surveyed did not make owners aware of all the risks of the data collection, like allowing third parties to track their location or gather sensitive information such as their religious and political activities and preferences.
“Information about your location is extremely sensitive,” said Senator Franken, who is chairman of a Judiciary subcommittee on privacy and said he planned to introduce a bill that would legislate guidelines on when a vehicle owner’s location could be shared. “If someone has a record of your location, they can figure out where you live, where you work, the doctors you visit and where your kids go to school.”
The 32 page GAO report - In-Car Location-Based Services: Companies Are Taking Steps to Protect Privacy, but Some Risks May Not Be Clear to Consumers - states that
Representatives from all 10 selected companies--auto manufacturers, portable navigation device (PND) companies, and developers of map and navigation applications for mobile devices--said they collect location data to provide consumers with location-based services. For example, companies collect location data to provide turn-by-turn directions. Nine companies share location data with third-party companies, such as traffic information providers, to provide services to consumers. Representatives from two companies said they share data where personally identifiable information has been removed (de-identified data) for purposes beyond providing services (e.g., for research), although such purposes are not always disclosed to consumers. All company representatives said that they do not share personally identifiable location data with or sell such data to marketing companies or data brokers.
All 10 selected companies have taken steps consistent with some, but not all, industry-recommended privacy practices. In addition, the companies' privacy practices were, in certain instances, unclear, which could make it difficult for consumers to understand the privacy risks that may exist.
Disclosures: Consistent with recommended practices, all selected companies disclose that they collect and share location data. However, inconsistent with recommended practices, nine companies' disclosures provide reasons for collecting data that are broadly worded (e.g., the stated reasons for collecting location data were not exhaustive), and five companies' disclosures do not describe the purposes for sharing de-identified location data. Without clear disclosures, risks increase that data may be collected or shared for purposes that the consumer is not expecting or might not have agreed to.
Consent and controls: Consistent with recommended practices, all selected companies obtain consumer consent to collect location data and obtain this consent in various ways. In addition, all companies offered consumers some controls over location data collection. However, if companies retained data, they did not allow consumers to request that their data be deleted, which is a recommended practice. Without the ability to delete data, consumers are unable to prevent the use or retention of their data, should they wish to do so.
Safeguards and retention: All selected companies take steps to safeguard location data--a recommended practice--but use different de-identification methods that affect the extent to which consumers may be re-identified and exposed to privacy risks. Also, there is wide variation in how long companies retain vehicle-specific or personally identifiable location data. To the extent that a company's de-identification methods allow a consumer to be identified or that identifiable data are retained, risks increase that location data may be used in ways consumers did not intend or may be vulnerable to unauthorized access.
Accountability: All selected companies disclose to consumers or take steps to protect location data that they share with third parties; such efforts are consistent with recommended practices. However, inconsistent with recommended practices, none of the selected companies disclose to consumers how they hold themselves and their employees accountable. The companies told GAO that internal company policies serve this function.

Breach and privacy penalties

The New York Times features more on the [US] Target data breach -
Target on Friday revised the number of customers whose personal information was stolen in a widespread data breach during the holiday season, now reporting a range of 70 million to 110 million people.
The stunning figure represents about a third of all American adults at the low end, and is nearly three times as great as the company’s original estimate at the upper end. The theft is one of the largest ever of retail data.
Not only did Target’s announcement disclose a vastly expanded universe of victims, but it revealed that the hackers had stolen a broader trove of data than originally reported. The company now says that other kinds of information were taken, including mailing and email addresses, phone numbers or names, the kind of data routinely collected from customers during interactions like shopping online or volunteering a phone number when using a call center.
On Dec. 19, Target confirmed reports that payment data was stolen from about 40 million customers who shopped in its stores in the United States from Nov. 27 to mid-December. As its investigation into the theft continued, the company said it had found that an additional quantity of data, collected over time on 70 million people and stored separately from the in-store data, was stolen. ....
The effect of the data theft has reached far beyond one of the nation’s largest retailers. Major credit card companies and banks have been issuing warnings about potential fraud to their customers and providing them with new cards and account numbers as a precaution. Some banks have limited cash withdrawals. As banks and companies continue to monitor customers’ accounts for suspicious activity, the Secret Service and the Justice Department have opened an investigation.
“This will impact many Target business partners — Visa, MasterCard and the host of banks and credit agencies that now have to keep an eye on the 110 million customers now vulnerable to identity theft,” said Hemu Nigam, founder of SSP Blue, a security and privacy consulting firm. “It affects more than Target customers. It affects mortgage lenders and car sales. It affects the entire economic infrastructure.”
Fraud experts said the information stolen from Target’s systems quickly flooded the black market. On Dec. 11, shortly after hackers first breached Target, Easy Solutions, a company that tracks fraud, noticed a 10 to twentyfold increase in the number of high-value stolen cards on black market websites, from nearly every bank and credit union.
The company apologized again on Friday for the broadening violation of its customers’ privacy.
“I know that it is frustrating for our guests to learn that this information was taken, and we are truly sorry they are having to endure this,” Gregg W. Steinhafel, Target’s chief executive, said in a statement....
After the initial breach, Target said that it had protected customers’ payment information with encryption and that it had stored the keys to descramble it on separate systems not affected in the breach. But the encryption algorithm Target used to protect that data — a standard known as triple DES, or 3DES — is vulnerable in some cases to so-called brute force attacks, when hackers use computers for high-speed guessing. In a breach on Adobe last year, hackers were able to bypass 3DES encryption through brute force attacks and exposed tens of millions of Adobe passwords within weeks of the breach.
On Friday, a Target spokeswoman would not comment on whether the second batch of information stolen from its 70 million customers was encrypted.
In Europe, France's CNIL has imposed a €150,000 penalty on Google.

CNIL's action was foreshadowed here. A €900,000 penalty last year by the Agencia Española de Protección de Datos (AEPD) was noted here.

CNIL indicates that its Sanctions Committee imposed the penalty
upon considering that the privacy policy implemented since 1 March 2012 does not comply with the French Data Protection Act. It ordered the company to publish a communiqué on this decision on its homepage Google.fr, within eight days as of its notification. 
On 1 March 2012, Google decided to merge into one single policy the different privacy policies applicable to about sixty of its services, including Google Search, YouTube, Gmail, Picasa, Google Drive, Google Docs, Google Maps, etc. Nearly all Internet users in France are impacted by this decision due to the number of services concerned.
The G29 (the Working Group of all EU Data Protection Authorities) then decided to carry out an assessment of this privacy policy. It concluded that it failed to comply with the EU legal framework and correspondingly issued several recommendations, which Google Inc. did not effectively follow-up upon. 
Consequently, six EU Authorities individually initiated enforcement proceedings against the company. In this context, the CNIL's Sanctions Committee issued a monetary penalty of €150,000 to Google Inc. on 3 January 2014, upon considering that it did not comply with several provisions of the French Data Protection Act.
In its decision, the Sanctions Committee considers that the data processed by the company about the users of its services in France must be qualified as personal data. It also judged that French law applies to the processing of personal data relating to Internet users established in France, contrary to the company's claim.
On the substance of the case, the Sanctions Committee did not challenge the legitimacy of the simplification objective pursued by the company’s merging of its privacy policies.
Yet, it considers that the conditions under which this single policy is implemented are contrary to several legal requirements:
  • The company does not sufficiently inform its users of the conditions in which their personal data are processed, nor of the purposes of this processing. They may therefore neither understand the purposes for which their data are collected, which are not specific as the law requires, nor the ambit of the data collected through the different services concerned. Consequently, they are not able to exercise their rights, in particular their right of access, objection or deletion. 
  • The company does not comply with its obligation to obtain user consent prior to the storage of cookies on their terminals. It fails to define retention periods applicable to the data which it processes. 
  • Finally, it permits itself to combine all the data it collects about its users across all of its services without any legal basis.
These conclusions are similar to those laid down by the Dutch and Spanish Data Protection Authorities in November and December 2013 on the basis of their respective national laws. 
This financial penalty is the highest which the Committee has issued until now. It is justified by the number and the seriousness of the breaches stated in the case. 
Furthermore, the Sanctions Committee ordered Google Inc. to publish a communiqué on this decision on the website https://www.google.fr, during 48 hours, within eight days as of the notification of the decision. This publicity measure is justified by the extent of Google’s data collection, as well as by the necessity to inform the persons concerned who are not in a capacity to exercise their rights.

Paternity

In Gonzalo Miró v Gestevisión Telecinco SA the Spanish Constitutional Court has held that speculation during a 2005 broadcast about the paternity of television presenter Romero Gonzalo Miró violated his right to privacy.

The broadcast by Gestevisión Telecinco claimed that Gonzalo Miró had 'a big secret', with his mother Pilar Miró having taken the undisclosed identity of his father "to the grave". As I have noted in past posts, it is desirable to differentiate between public interest and public curiosity; reports about the judgment do not seem to indicate that there was a compelling public interest in knowing who was Gonzalo Miró's dad if mother and son did not want to share the information with the crowd. One of the broadcasts reportedly indicated the father's initials, mentioned the name of a man with those initials and featured photographs of that man with Gonzalo Miró.

Litigation by Gonzalo Miró in his own name and in the name of his late mother regarding an injury to his right to privacy was dismissed by the Court of First Instance in June 2006. His appeal was successful, with an award in his favour of €300,000. The broadcaster appealed to the Supreme Court, which dismissed Gonzalo Miró's claim in June 2010 on the basis that there had been no violation of privacy because the programs involved speculation.

Gonzalo Miró appealed to the Constitutional Court, which in November last year found in his favour, holding that parentage is part of an individual's private life and that the right to privacy “implies the existence of an area which is reserved against the action and knowledge of others”, with a duty to refrain from unjustified interference. Reports indicate that the Constitutional Court rejected the speculation argument, holding that
The right to privacy may be affected not only by the specific and truthful statement about the identity of the father of appellant, but by mere speculation or rumors about his parentage. 
Interestingly, the Court appears to have recognised a post-mortem right to privacy, reflecting application by Gonzalo Miró in the name of his deceased mother and in his own name.

The Court noted a tension in arguments by the broadcaster: claiming to reveal a "big secret" but denying that privacy had been violated. It also noted that although an intimate detail may become well known without that person's consent, it may still be protected by the right to privacy. Denial of that protection would burden the individual with litigation to avoid passivity being construed as a waiver of privacy.

Tort

'Serious Invasions of Privacy in the Digital Era: Australian Privacy Foundation Submission to the Australian Law Reform Commission' (UNSW Law Research Paper No. 2013-79) by Bruce Baer Arnold, David F. Lindsay, Graham Greenleaf, David Vaile, Nigel Waters and Roger Clarke comments that
The Australian Privacy Foundation strongly endorses establishment in national legislation of a cause of action for serious invasion of an individual’s privacy which, for convenience, this submission shall generally refer to as a statutory tort. The submission answers the 27 questions asked by the Australian Law Reform Commission (ALRC) in its October 2013 Issues Paper 'Serious Invasions of Privacy in the Digital Era'.
Such a tort has been recommended by a succession of law reform commissions and other bodies. Recurrent recommendation demonstrates that there is a substantive and significant need for the tort and that after wide consultation those bodies consider that legislation is both desirable and viable. The tort has not been ruled out by the High Court and could be accommodated under the national constitution. As noted by the law reform commissions the tort will not inhibit effective law enforcement or national security activity. It will not inhibit the implied freedom of political communication, a freedom that the High Court and Supreme Courts have indicated is not absolute. There is no reason to believe that the tort will burden the legal system with inappropriate litigation. Criticisms of the tort are exaggerated and typically reflect vested interests.
Fundamentally, the tort offers an effective remedy for problems that are evident in Australian law, that are of concern to many Australians, and that have been acknowledged by both courts and law reform bodies over a considerable period of time. The tort will provide coherence across the Australian jurisdictions, where there is major inconsistency including, for example, in surveillance devices legislation. The tort will also offset regulatory incapacity, in particular the very restricted scope of the Privacy Act 1988 (Cth) – concerned with information privacy – and under-resourcing of the Office of the Australian Information Commissioner (OAIC). It will fill a long-standing gap in the common law protection of the right to privacy, which is not adequately covered by existing causes of action. The Foundation further considers that an important role of the tort is in signalling to all Australians that privacy should be respected as a matter of rights and obligations; that ‘signalling’ function is likely to be as significant as any deterrent associated with damages under the tort. 

Desire

'Inferring Desire' by Jessica Clarke in (2013) 63 Duke Law Journal 525 comments that
In the course of debates over same-sex marriage, many scholars have proposed new legal definitions of sexual orientation to better account for the role of relationships in constituting identities. But these discussions have overlooked a large body of case law in which courts are already applying this model of sexual orientation, with inequitable results.
This Article examines a set of fifteen years of sexual harassment decisions in which courts have endeavored to determine the sexual orientations of alleged harassers. Under federal law, sexual harassment is actionable because it is a subspecies of sex discrimination. A man who makes unwanted sexual advances toward a woman discriminates on the basis of sex, courts presume, because he would not have made sexual advances toward another man. In 1998, the Supreme Court ruled that the same presumption is available in a case of same-sex harassment, i.e., a man harassing a man, if there is “credible evidence that the harasser was homosexual.” Since then, federal courts have decided 154 cases on whether a harasser was homosexual or experienced same-sex desire, often conflating the two questions.
Empirical assessment of these cases raises questions about legal determinations of sexual orientation and sexual desire. First, it finds that courts rely on overly simplistic assumptions about sexual orientation that are contradicted by social science research. Surprisingly, in searching for evidence of same-sex desire, courts compare the harasser’s behavior to an idealized vision of romantic courtship that resonates with the picture of same-sex intimacy drawn by advocates of gay marriage. Second, these judicial inquiries into desire reinforce biases in favor of heterosexuality. Courts interpret sexually charged interactions to be devoid of desire when the harasser is involved in a heterosexual marriage, while reading desire into far less suggestive scenarios when the harasser self-identifies as nonheterosexual. And third, the judicial preoccupation with desire distracts from the purpose of sexual harassment law: eliminating invidious sex discrimination.
This study has implications for other legal doctrines that may require definitions of sexual orientation or inferences of desire. It suggests that a relationship model of sexual orientation may not be appropriate in all legal contexts, and it calls into question the project of devising any all-purpose legal definition of sexual orientation. It also argues that reformers should be wary of how inquiries into sexual desire may operate as distractions and reinforce conventional notions of sexuality.

TPPA

Two pieces by Kimberlee Weatherall on the Trans-Pacific Partnership Agreement (TPPA), the very important and still very secret international trade agreement that potentially has strongly adverse implications for Australian intellectual property, environmental and consumer protection law, health law and privacy law.

(The Office of the Australian Information Commissioner - exponent of the national pro-disclosure Freedom of Information regime - refuses to provide access to its over 300 documents regarding privacy aspects of the TPPA, unredacted or otherwise, on the basis that it doesn't have the resources to handle such queries. It is ironic that the ostensible champion of access and accountability, an agency that includes the national Freedom of Information Commissioner, places itself outside the FOI regime by explaining that it is an under-resourced "micro-agency". That is a welcome signal for Ministers seeking to evade appropriate scrutiny: just cut and thereby permit agencies to disregard accessibility on the basis that they have too few resources.)

Weatherall's 'TPP – Australian Section-by-Section Analysis of the Enforcement Provisions' (Sydney Law School Research Paper No. 13/84) analyses -
the leaked 30 August 2013 text of the TPP IP Chapter from an Australian perspective, focusing on the enforcement provisions only. The goal is to assess the compatibility of provisions in the current draft with Australian law and Australia’s international obligations: including TRIPS and the Australia-US Free Trade Agreement (AUSFTA). The review has several key purposes:
1. To contribute careful analysis to the current debate on the TPPA IP proposals;
2. To offer input into the Australian processes considering the TPPA;
3. To demonstrate to an international audience the relationship between these provisions and TRIPS; and
4. To demonstrate the relationship between these provisions and existing US Free Trade Agreements like AUSFTA.
A surprising number of the provisions go beyond AUSFTA.
Reading the IP provisions of the TPP IP chapter leak dated August 2013 is a maddening, dispiriting process. The provisions are written like legislation, not treaty, suggesting a complete lack of good faith and trust on the part of the negotiating countries. There are subtle tweaks of language, the phrases included or not included from previous treaties; the subtle re-wordings that might give a treaty provision an entirely different meaning. Working out the scope of a country’s obligations if even half of this text becomes treaty is going to be extremely difficult. A range of big picture questions arise as to the relationship between any TPP IP chapter and other obligations to which countries may be subject, and I’m not at all convinced we know the answers. On a substantive level, much about the language of these provisions has changed since the US proposals dated February 2011. Some more extreme elements of the US proposals have been removed or watered down; some safeguards or qualifications have been inserted that preserve domestic flexibility or require consideration of user interests or civil liberties and fair process. Despite this, the chapter is still radically unbalanced. There are still far too few safeguards for defendants and third parties in the context of IP litigation. And there are many specific proposals with potentially negative impacts on the litigation process and on the balance of IP law.
Her 'Ignoring the Science: What We Know About Patents Suggests Dire Consequences from ACTA and the TPPA' in Mercurio and N. Kuei-Jung, eds Science and Technology in International Economic Law: Balancing Competing Interests (Routledge, 2013) looks -
at what research into the operation of the IP system, and particularly IP enforcement, tells us about the issues facing research-based firms, focusing on the ‘science’ side of IP, particularly patents, and using research, and information about domestic developments, to critique the approach taken in the most recent IP negotiations to affect the Asia-Pacific Region – namely, the Anti-Counterfeiting Trade Agreement (ACTA), concluded in late 2010, and the Trans-Pacific Partnership Agreement, which at the time of writing is under negotiation. While much of the literature on patents in ACTA and the TPPA has focused on the (very important) impact on access to medicines, this chapter is concerned with the likely impact on the patent system more generally. We have grown used to hearing that the latest efforts at international IP standard-setting, the ACTA and proposals for IP in the TPPA, will have a deleterious impact on digital copyright law and on access to essential medicines. We have heard much less about the potential impact on the patent system as a whole – a much less sexy topic, no doubt, but in the long term, equally important. The patent research explored in this article suggests that both ACTA and the US’ TPPA proposal are not likely to be helpful in addressing the most pressing issues in patent law today; they risk being positively counterproductive, and exporting to the world the US’ own ‘patent crisis.’ The thought of a flood of low quality patents issuing from patent offices throughout the Asia-Pacific, should give everyone – including the negotiators of these and future agreements – serious pause.

10 January 2014

The other CSG

The Australian Communications and Media Authority has announced that Telstra has paid an administrative penalty of $510,000 for failing to provide timely new urban landline customer connections in the 2012-13 financial year.

ACMA issued an infringement notice to Telstra following the annual assessment of Telstra’s compliance with Customer Service Guarantee (CSG) benchmarks.
The CSG benchmarks provide important safeguards for fixed-line telephone service customers for connecting a service, repairing a fault or service difficulty and for attending appointments with customers.
There are nine such benchmarks, of which Telstra met seven. The two that were not met were:
  • for new connections in urban areas (88.6 per cent performance against a 90 per cent benchmark), and 
  • for new connections in remote areas (89.0 per cent performance against a 90 per cent benchmark).
The infringement notice has been issued with respect to the first benchmark, with a formal warning issued with respect to the second.
In deciding to issue the infringement notice and the formal warnings, ACMA took into account Telstra’s positive and early responses and its open engagement with the ACMA. The ACMA also took into account that 2012-13 was marked by extreme weather events which affected Telstra’s fixed line network, particularly in remote areas.