The Judiciary Committee of the Maine State Legislature held a hearing today to discuss the future of Public Laws 2009, Chapter 230, the Act to Prevent Predatory Marketing Practices Against Minors. Enacted earlier this year, this law intended to target deceptive online marketing by prescription drug companies to minors under the age of 18.

The law as drafted, however, was substantially overbroad. It prohibits the collection of personal and health-related information from minors without verifiable parental consent, and prohibits the transfer, online or offline, of any information about Maine minors, even with parental consent. Six weeks ago, CDT was actively preparing to pursue a constitutional challenge against the Act and consulting closely with the Maine Civil Liberties Union to explore potential collaboration. However, several groups, including the Maine Independent Colleges Association and the Maine Press Association, then challenged the law in federal court on constitutional grounds, and we temporarily set aside our efforts to watch the outcome of that case. Following the pledge of Maine Attorney General Janet T. Mills not to enforce the problematic law, the court dismissed the case, and the legislature must now decide whether to repeal or amend the Act.
Read the rest of this entry »

A federal court ruled yesterday that mobile phone carriers do not need to pay copyright performance royalties for the ringtones their customers choose to legally download and use. The ruling is a win for consumers and precisely the result that CDT, EFF, and Public Knowledge urged in an amicus brief filed earlier this year. Contrary to the performance-rights organization ASCAP’s strained assertions, the court ruled, “When a ringtone plays on a cellular telephone, even when that occurs in public, the user is exempt from copyright liability, and [carriers are] not liable.” In other words, neither you nor your cellular phone company owe ASCAP a few pennies every time your phone bursts into Raffi’s Bananaphone.

While ASCAP had made public statements that it would never go after individuals for copyright infringement, its demand for royalties from Verizon and AT&T implied that each customer was infringing copyright every time his or her phone rang, even using a ringtone that the user legally purchased. The court appropriately found that such uses would be non-infringing under section 110(4) of the Copyright Act, which exempts performances undertaken “without any purpose of direct or indirect commercial advantage.” This seems like common sense, and Fred von Lohmann at EFF has neatly summed up the implications with some apt comparisons: “This ruling should also protect consumers who roll down their car windows with the radio on, who take a radio to the beach, or who sing ‘Happy Birthday’ to their children in a public park.”
Read the rest of this entry »

It seems like the debate over health care reform has sucked all the oxygen out of the public dialog, as if nothing else were happening here in Washington. Think again. Perhaps one of the most significant “behind the scenes” actions happened late last week when the Obama Administration failed to support significant changes to the Patriot Act that would have given Americans stronger civil liberties protections.

More disturbing, it appears that the Administration took an active part in opposing changes supported by civil liberties groups, such as CDT, that would have gone a long way toward correcting several flaws in the Patriot Act.

CDT President Leslie Harris outlines the Obama Administration’s missteps in her latest Huffington Post piece titled: Obama vs. Obama on the Patriot Act. Harris notes that the moves by the Administration to maintain the Patriot Act status quo directly contradicted positions Obama himself took as a freshman Senator.

Harris writes:

“With Democrats in charge of Congress and strong civil libertarians at the helm of the House and Senate Judiciary Committees, the time for PATRIOT Act reform is now. But with the Administration pushing in the wrong direction, the chances for reform have been diminished. Now it’s up to the House Judiciary Committee to stand its ground. The opportunity for real reform will not come again anytime soon. Congress needs to do the right thing, even if Obama will not.”

Recently Syracuse University, my alma mater, took steps to increase campus security by installing a video-surveillance system in all entrances and exits of residence halls and one academic building. This took two years of planning for the 168 new cameras being installed on campus, but it is unclear how the University is ensuring the privacy of students as they begin to monitor the campus over video.

When implementing a video surveillance system of this scale, people often forget that it’s not just the “bad guys” and criminals that end up on the tape, it’s every person walking through the building. Every day, these tapes will archive the movements of thousands of students, faculty and staff members at the university, most of which will never be involved in a crime.

Students may worry that “big brother” is watching them even as they go about the mundane details of their day, moving in and out of their buildings, but they should also be aware of data retention issues associated with this system and demand answers and that appropriate privacy policies be put in place. Before they are surveilled, students need to know how long the tapes are kept if no crime is involved, what steps are taken to prevent theft of the footage, and who has access to the footage for what purposes. Will the footage be used only for criminal investigations, or will the scope of the project creep as new groups want to use it?

The issues surrounding the surveillance project become less about whether or not students are safer on campus and more about students taking back the right to their privacy by being able to protect themselves and their identities from unwarranted third party involvement. The more hands a student’s information or image passes through, the more this project grows in scope.

With the allure of all of this information, suddenly it’s not just public safety viewing the images, it’s also the health office or the student judiciary office or the scholarship office. Without clear guidelines noting who can or cannot access these videos, students have essentially given the school a blank check on their privacy rights – with no limit on who can access their information.
Read the rest of this entry »

Digital signage media – video displays on screens ranging from TV-sized monitors in stores to roadside billboards – is maturing into an offline version of behavioral advertising. What effect will this have on consumers’ expectation of privacy in public spaces?

Recently, in the UK, a fresh example arose of the growing conflict between these digital signs and privacy laws. Castrol, the maker of motor oil, launched an advertising pilot in which roadside cameras scanned the license plates of passing cars and then digital billboards displayed the license numbers along with the grade of motor oil Castrol recommends for that type of car. The system was able to discern the make and model of each vehicle by running the license number through a database, containing the personal information of tens of millions of drivers, purchased from the British equivalent of the Department of Motor Vehicles.
Read the rest of this entry »

CDT’s Gregory Nojeim has a guest blog post today on the American Constitution Society’s blog. Nojeim discusses the PATRIOT Act markup from yesterday’s Senate Judiciary Committee hearing and voices his disappointment with the committee’s failure to take action on the issues surrounding National Security Letters (NSL). CDT has been an active voice in calling for the administration to take steps to protect civil liberties that may be threatened under certain PATRIOT Act provisions. Let us know what you think of the ACS post as we continue to work on ensuring that civil liberties are being protected while national security policy is being crafted.

On October 1st, the Office of Civil Rights (OCR) within the Department of Health and Human Services (HHS) issued a Proposed Rule with respect to the Genetic Information Nondiscrimination Act (GINA), a federal law passed in May 2008 that protects individuals against discrimination in health care coverage and employment based on genetic information. Many states already have similar laws in place, but GINA provides a new federal baseline level of protection against genetic discrimination in health care coverage and employment.

The proposed rule attempts to implement new privacy and confidentiality protections in Title I of GINA, which deals with nondiscrimination in health care coverage, and makes changes to the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule. The Privacy Rule protects individuals’ health information by limiting how it can be used or disclosed by “covered entities,” which includes health insurers and plans. This post highlights some of the major changes, which are based both on GINA as well as HHS’ general authority under HIPAA. (Of note, proposed regulations to implement the employment nondiscrimination provisions were issued earlier this year by the Equal Opportunity Employment Commission (EEOC).

First, GINA requires HHS to clarify that genetic information is protected health information and therefore subject to the Privacy Rule, and the proposed rule makes this clarification. Of note, HHS has always maintained in guidance that genetic information is protected under HIPAA as long as it is individually identifiable and maintained by a covered entity. However, the proposed change goes a step further and makes this indisputable in the Rule.

Second, GINA also requires HHS to change the Privacy Rule to prohibit health plans from using or disclosing genetic information for underwriting purposes, including determining eligibility or benefits, calculating premiums or contribution amounts, and imposing pre-existing condition exclusions (and this prohibition applies even if an individual authorizes the use of his or her information for this purpose). (The Privacy Rule historically has allowed covered entities to use any protected health information for underwriting purposes). Although Title I of GINA specifies that only certain plans be subject to this prohibition, OCR proposes to apply the prohibition to all health plans governed by the Privacy Rule, including long-term care policies and employee benefit welfare plans. HHS maintains that this interpretation is consistent with both GINA and HHS’ authority under HIPAA.

Third, OCR proposes to require plans that use or disclose protected information for underwriting purposes to include a statement in their Notice of Privacy Practices about how they are prohibited from using or disclosing genetic information for underwriting purposes. The Privacy Rule already requires health plans (and most other covered entities) to provide a notice to individuals that describes how they use and disclose personal health information. However, requiring plans that perform underwriting to include a specific statement about genetic information increases transparency and further educates individuals about specific protections on genetic data.

OCR coordinated its work on the proposed rule with the Departments of Labor and Treasury, and the Centers for Medicare and Medicaid Services, which are tasked with implementing regulations for Title I of GINA and which released their interim final rule the same day that OCR issued its rule. The public has 60 days to comment on the proposed rule. Comments are due to HHS no later than December 7, 2009 and can be submitted electronically at www.regulations.gov.

Earlier today, Judge Denny Chin approved an aggressive schedule for the parties in the Google Books lawsuit to submit an amended settlement agreement. Michael Boni, speaking for all parties, indicated that the parties have been hard at work since the Department of Justice raised concerns about the original settlement (arrived at after years of negotiation), and that a revised settlement will be ready in early November. Judge Chin consequently set a deadline of November 9. While no other court dates were set, the parties did indicate that the deadline for rightsholders to claim their copyright interest in works that Google has scanned would be extended from January 5, 2010 to June 5, 2010.

Boni argued that extensive additional notice to the class of rightsholders will not be necessary, as the amendments will all benefit the class. Based on this, he asserted the parties’ desire to have a final fairness hearing—formerly scheduled for today—in late December or early January. It will be interesting to see if Judge Chin agrees upon seeing the revised settlement, especially since much of the commentary on the settlement, including that of the DOJ, has raised questions about the adequacy of the prior notice to the class members, given the sheer size of the class.
Read the rest of this entry »

Recently, CDT’s Harley Geiger wrote a guest blog post for Business 2.0 Press discussing new developments in digital signage and behavioral advertising in the wake of the online advertising study released last week.
Check it out and let us know what you think. Thanks again to Business 2.0 Press for the opportunity.

In separate announcements yesterday, Verizon Wireless and AT&T took welcome steps towards greater openness in the wireless industry. By “openness,” I mean the extent to which wireless networks allow the use of devices and services that aren’t affiliated with the operators of those networks.

Verizon Wireless said it would work with Google to provide fully open wireless phones running Google’s Android operating system. AT&T said that it would start allowing iPhone owners to run VOIP services, including Skype, when connected to AT&T’s 3G wireless network. (iPhone users previously could use VOIP only when connected to the Internet via a Wi-Fi hotspot.)

These are significant announcements in themselves, but they also illustrate a broader trend. Verizon Wireless decided to open its network to third party devices and applications back in 2007 — a decision CDT applauded as a “major shift with tremendous potential to spur innovation” — and the iPhone, despite occasional controversies over the approval process, famously has spurred a huge market in third party applications. In short, carriers are now well aware that open models offer a great deal of commercial power and appeal.

Still, the timing of all this is interesting, coming shortly after the FCC Chairman announced that the agency plans to propose openness rules that would, for the first time, extend to wireless. Network operators will no doubt argue that yesterday’s developments are more evidence that the industry is headed in the right direction and that no government action is warranted. But the fact that this was reported as news highlights that the wireless and wireline Internet start from different traditions and assumptions. You don’t read many press stories about DSL or cable modem providers making decisions about what computers or online services they will allow customers to use. The general expectation is that those decisions are in the hands of users, and that the network operator doesn’t exercise any kind of gatekeeper control over what users choose to do with the connectivity they purchase.
Read the rest of this entry »