Digital Privacy: Difference between revisions

From Youth and Media
Jump to navigation Jump to search
No edit summary
 
(106 intermediate revisions by 7 users not shown)
Line 1: Line 1:
[[Portal:Digital Privacy]]
=Overview=
=Overview=


#Context for current privacy laws (designed for print media world) -- see Woo article
Digital Privacy is a complex issue because the definition of privacy is on-going and relative, not merely situational.  For example, privacy in the colonial period of  United States history meant something drastically different from what privacy now means in the U.S.  Furthermore, privacy has different meanings across boundaries--as European privacy law differs from U.S privacy law, and both of them differ from Canadian privacy law.  As technology, specifically the internet, takes off, issues of privacy are critically important.  What is now considered a public domain?  Does such a thing as a private domain exist anymore?  Should companies be allowed to retain data on individual user's searches?  Should Google be allowed to take pictures of people's houses?  What happens if someone takes a picture of a private citizen and posts it on the internet?  What happens if it is a video?  Is there a way to enforce a law even if passed? 
#Shift from analog to digital (see Viktor Mayer-Schoenberger's article and his idea of becoming a society that remembers instead of forgets) - what are the implications?
 
#Shifting notions of privacy (generation gap) - DNs born and raised in this environment of digital records vs. older generation. How did this environment impact the ways in which natives think about privacy?
What are the implications of growing up in a society that always remembers and never forgets? The life of a Digital Native is constantly recorded through digital tracks. What will the future hold?  How does this environment impact the ways in which Digital Natives think about privacy? The generation gap between non-natives and natives highlights the blurring definition of privacy.  Previously thought private domains are being public--and public places are no longer parochially public but in fact globally public. 
 
These are only some of the questions that need answers in this increasingly digital age.  The following description and analysis of digital privacy aims to shed light on these questions and addresses possible solutions.


=Elements of Digital Privacy=
=Elements of Digital Privacy=


== Collection & Retention- digital tracks & readily accessible information ==
*'''SUMMARY:''' The life of a Digital Native is constantly being recorded.  This information about a Digital Native is retained by and accessible to others.  The following are examples of what kind of data is retained, who collects it, and who can view it:
*For example, a search on Google results in a stream of information is sent to, and stored in, the Google servers.  This includes the computer IP address, the date and time of the query, the browser used, and the unique cookie ID assigned to the computer.  If G-mail users are logged in then Google associates this data with personally identifiable information.


== Collection - digital tracks ==
*Microsoft Live Search also records the type of search you conducted (image, Web, local, etc.), while Google additionally stores your browser type and language. And when you click on a link displayed on Google, that may also be recorded and associated with your computer's IP address.  While Google Inc. recently announced that it would make its search logs anonymous after 18 months' time by deleting part of the IP address and obfuscating cookies associated with search queries, Microsoft Corp. and Yahoo Inc. haven't yet made their retention policies public. AOL LLC stores this data for just one month.[http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9026638&source=rss_news50]


== Retention ==
*Every Internet search resides on a computer somewhere. Comings and goings are monitored by security cameras. Phone calls are logged by telecommunications companies.[http://www.washingtonpost.com/wp-dyn/content/article/2007/01/15/AR2007011501304.html]
* related to digital tracks, but how long kept, who's keeping it, what are the laws around retention, how it can be accessed


*This [http://www.washingtonpost.com/wp-dyn/content/article/2007/01/15/AR2007011501304.html Washington Post article] shows a typical day of an ordinary woman and what kinds of information is collected about her.
*In 2006, AOL released the search data of over 20 million users for the public to view [http://www.techcrunch.com/2006/08/06/aol-proudly-releases-massive-amounts-of-user-search-data/]
*ZabaSearch queries return a wealth of info sometimes dating back more than 10 years: residential addresses, phone numbers both listed and unlisted, birth year, even satellite photos of people's homes.  ZabaSearch isn't the first or only such service online. Yahoo's free People Search, for example, returns names, telephone numbers and addresses. But the information is nothing more than what's been available for years in the White Pages...Far more personal information is available from data brokers, including aliases, bankruptcy records and tax liens. That access typically requires a fee, however, which has always been a barrier to the casual snooper...But ZabaSearch makes it easier than ever to find comprehensive personal information on anyone.[http://www.wired.com/politics/security/news/2005/05/67407]


== Visibility ==
== Visibility ==
* how technology can organize, highlight, and take out of context info that's already available online
 
* Private vs. public domains (what happens when the boundaries are blurred? how do you legislate?)
* Technology can organize, highlight, and take out of context info that's already available online.  For example, the New York Times recently reported that Rudy Giuliani's daughter supported Barack Obama on Facebook.[http://www.nytimes.com/2007/08/07/us/politics/07giuliani.html?ref=politics]  After this was reported her profile was taken down.  This incident shows that much of the information on the internet is available for anyone to see.  ZabaSearch provides people's full name, birth date and address. 
(Facebook News feeds, Address/ tel number look-up)
**Facebook news feeds, Address & telephone number look-up
 
* Private vs. Public Domains.  What happens when these boundaries are blurred? How do you legislate?
 
Places once thought private are now becoming public.  Places once thought public are now global.  On many internet sites, the default is set for the least privacy.  Given the increase in accessibility to information and the decrease in privacy are there effective ways to legislate privacy rights?  Legal experts provide solutions are available under the subheading 'What the Experts Think'
 
* Control over posting to the web - (offline to online)
* Control over posting to the web - (offline to online)
(SSN being posted online as local government put (always) public records online, Google Street View, Posting and naming someone's picture on a MySpace page)
(SSN being posted online as local government put (always) public records online, Google Street View, Posting and naming someone's picture on a MySpace page)


== Control over reproduction/duplication ==
== Control over reproduction/duplication ==
(ex. Washington Post article about pole vaulter)
 
*'''SUMMARY:''' This is a tricky issue arising from the internet. Previously thought private information is now becoming public.  The following are examples of people's picture/video taken without their permission and circulated throughout the internet.  While in the first example the victim is not in the wrong, whereas in the other two people genuinely did immoral acts, nevertheless the issue arises: Does a person control a right to reproduction/duplication of their body and actions from the internet?  As of yet, no solution has been found that does grant full autonomy to the individual.
 
*The Washington Post recently reported  [http://www.washingtonpost.com/wp-dyn/content/article/2007/05/28/AR2007052801370.html a story about Allison Stokke], whose picture was taken at a public venue and then circulated around the internet without her consent.  The issue that arises is simple: Does she have a right to protect herself from unauthorized duplication of pictures of her?  Currently, U.S. laws do not protect her.
 
*In 2006 on a bus heading to Hong Kong, a dispute occurred on the bus involving two men.  The altercation was filmed by another passenger's cell phone and posted on the internet.  The video became the most popular on the internet in May 2006.[http://en.wikipedia.org/wiki/The_Bus_Uncle]  The incident became known as [http://www.youtube.com/watch?v=RSHziqJWYcM "bus uncle"].
 
*Then there's the story of [http://www.washingtonpost.com/wp-dyn/content/article/2005/07/06/AR2005070601953.html Dog Poop Girl] whose dog threw up on a subway car.  She did not clean it up.  A fellow passenger took her picture and posted it online asking for people to identify her.  The Washington Post reports that "humiliated in public and indelibly marked, the woman reportedly quit her university."
**The Dog Poop Girl case "involves a norm that most people would seemingly agree to -- clean up after your dog," wrote Daniel J. Solove, a George Washington University law professor who specializes in privacy issues, on one blog. "But having a permanent record of one's norm violations is upping the sanction to a whole new level . . . allowing bloggers to act as a cyber-posse, tracking down norm violators and branding them with digital scarlet letters."[http://www.washingtonpost.com/wp-dyn/content/article/2005/07/06/AR2005070601953.html]


== Protection against whom? ==
== Protection against whom? ==


a) Government
Privacy protection can be broken down to include protection from:
b) service providers (Google, Facebook, ISP, etc) (what right to keep info, distribute, sell, etc.)
 
c) marketers
*a) Government: U.S. Privacy laws focus on protecting individual citizens from infringement by the government. 
d) Schools, teachers, etc - what kind of rights do students have?
*b) Service Providers (Google, Facebook, ISP, etc) are not specifically regulated by U.S law on issues such as : right to keep info, distribute, sell, etc.
e) others (horizontal interaction - employers, neighbors, health insurers, etc.)
*c) Schools, teachers, etc - what kind of rights do students have?
*d) Employers, neighbors, health insurers, etc.


=EU Privacy Law=
=EU Privacy Law=


In March 2006, the European Commission passed the [http://eur-lex.europa.eu/LexUriServ/site/en/oj/2006/l_105/l_10520060413en00540063.pdf European Data Retention Directive].  This directive legally requires all Internet and telephone service providers in the EU to retain records of communication data for up to 2 years.  While communication service providers are _not_ allowed to retain records of the _content_ of communications, virtually all other data about the communications is required to be collected and stored, to be turned over to the authorities upon request.
In March 2006, the European Commission passed the [http://eur-lex.europa.eu/LexUriServ/site/en/oj/2006/l_105/l_10520060413en00540063.pdf European Data Retention Directive].  This directive legally requires all Internet and telephone service providers in the EU to retain records of communication data for up to 2 years.  While communication service providers are _not_ allowed to retain records of the _content_ of communications, virtually all other data about the communications is required to be collected and stored, to be turned over to the authorities upon request.
''
The data required to be collected, at each instance of communication, is as follows:''


''The data required to be collected, at each instance of communication, is as follows:''


For telephone communications (both mobile and stationary):  
For telephone communications (both mobile and stationary):  
Line 46: Line 71:
* The geographical location of both parties in the entire duration of the communication.
* The geographical location of both parties in the entire duration of the communication.
* Data identifying user's communication equipment
* Data identifying user's communication equipment


For Internet communications (including Internet access, e-mail, and Internet telephony):
For Internet communications (including Internet access, e-mail, and Internet telephony):
Line 57: Line 81:
=U.S. Privacy Law=
=U.S. Privacy Law=


SUMMARY OF THIS:
'''[[Court Cases on Privacy]]'''


later, questions raised:
and


==The History of U.S. Privacy Laws==
[[History of U.S. Privacy Laws]]


'''Legal Decisions''':
==Divergence of U.S. and European Privacy Laws==


*In 1782, the Continental Congress passed a law to protect the confidentiality of letters <ref> [http://papers.ssrn.com/sol3/papers.cfm?abstract_id=969495#PaperDownload SSRN]</ref>
'''Origins'''


*In 1811, in ''Denis v. LeClerc'' a newspaper editor sought to publish an improperly obtained letter. The court prohibited the publication of the letter because just as the defendant could not produce it to his associates, he could also not publish it in the press, due to the “sacredness” of the “confidential letter.” <ref>(SSRN)</ref>
*Warren and Brandeis did not write on a nearly blank slate when they crafted their “right to privacy.” Instead of developing and expanding the robust law of confidentiality that already existed, '''Warren and Brandeis took American privacy law down a different path.''' [http://papers.ssrn.com/sol3/papers.cfm?abstract_id=969495]
**Before the Warren and Brandeis article, English and American privacy law were on a similar trajectory, being built out of the same materials and concepts. American judges read English precedent and attempted to situate their rulings within the fabric of the common law. Afterwards, the paths diverged. The path Warren and Brandeis charted for American privacy law was not that of developing the law of confidentiality.  [http://papers.ssrn.com/sol3/papers.cfm?abstract_id=969495]
**Instead of creating a law of privacy, however, England developed a law of confidentiality, which was explicitly distinguished from privacy. Ironically, both the American law of privacy and the English law of confidentiality emerged from the same source – the ''Prince Albert'' case.[http://papers.ssrn.com/sol3/papers.cfm?abstract_id=969495]


*In 1825, Congress enacted another law to protect the confidentiality of letters by criminalizing taking “any letter, postal card, or package out of any post office or any authorized depository for mail matter, or from any letter or mail carrier.” <ref>(SSRN)</ref>
'''European Privacy Law?'''
**According to past EU laws precedents, new laws regarding, say, someone posting embarrassing photos of another on Flickr would be illegal, as it is an invasion of privacy and offends one's dignity. It would not, however, offend liberty (and it seems that such liberty arguments are largely moot anyways with the introduction of the Patriot Act, which gives the government incredible access to our private information, and hence our liberty).


*In 1877, in ''Ex Parte Jackson'' the Supreme Court concluded that the Fourth Amendment protected letters from government inspection without a warrant. The fact that people willingly gave the government their letters for delivery did not waive protection, as the government was expected to keep them confidential. (SSRN)
'''Avner Levin and Mary Jo Nicholson's definition of Canadian Privacy Law''':
*" ...the right to control access to one’s person and information about one’s self. The right to privacy means that individuals get to decide what and how much information to give up, to whom it is given, and for what uses....A multicultural society does not attempt to impose on its members values, which some elements in it may very well hold dear—such as dignity or liberty—but encourages the development of these values autonomously, within a multicultural framework. Canadians, it seems, perceive their privacy as most importantly protecting this autonomy, and believe that members of society should be free to decide for themselves what is important for them to control" (Levin, Avner and Nicholson, Mary Jo, "Privacy Law in the United States, the EU and Canada: The Allure of the Middle Ground" . University of Ottawa Law & Technology Journal, Vol. 2, No. 2, pp. 357-395, 2005 Available at SSRN: http://ssrn.com/abstract=894079).


*In 1890 Samuel Warren and Louis Brandeis termed the phrase "the right to be let alone" in their famous article in the Harvard Law Review titled ''The Right to Privacy''. This was one of the earliest legal articles in the U.S relating to privacy issues.
'''Problems with American Privacy Law'''
**In 1891, just a year after the article was published, the “right to be let alone” found its way into constitutional law. The Supreme Court held in ''Union Pacific Railway Company v. Botsford'' that a court could not compel a plaintiff in a civil suit to undergo a surgical examination: “As well said by Judge Cooley: ‘The right to one’s person may be said to be a right of complete immunity; to be let alone’ (SSRN)
*"Americans want their government to let them interact freely with one another and to not intervene." But this is changing: "As e-mails, modems, and PCs break down the boundaries between work and home, there are progressively fewer private or public spaces for citizens to express themselves autonomously. The Internet has blurred the distinction between the home and the office, as Americans are spending more time at the office and are using company-owned computers and Internet servers to do their work from home. But as technology poses new challenges to geographic concepts of privacy, courts have not been encouraged to think creatively about how to reconstruct zones of individual privacy and free expression." (Levin, Avner and Nicholson, Mary Jo, "Privacy Law in the United States, the EU and Canada: The Allure of the Middle Ground" . University of Ottawa Law & Technology Journal, Vol. 2, No. 2, pp. 357-395, 2005 Available at SSRN: http://ssrn.com/abstract=894079)


*In the famous 1902 case of ''Roberson v. Rochester Folding Box Company'' the court rejected the right to privacy. An advertisement for Franklin Mills Flour used a drawing of a young woman, Abigail Roberson, without her consent. The picture was a flattering one, but Roberson sued because she was “humiliated” by it and suffered mental distress as a result. The court concluded that there was “no precedent” to recognize Warren and Brandeis’s tort remedies for invasion of privacy, and that such a right was best left to the legislature to enact <ref>(SSRN)</ref>
*More broadly, since American privacy law often remains focused around individualistic conceptions of privacy, it has not fully embraced protecting confidentiality in relationships. In many other contexts, such as trade secrets and business confidences, American law readily provides remedies against unwarranted breaches of trust. But in the domain of privacy, American law has not progressed nearly as far as English law in recognizing and protecting trust in relationships. An increased recognition of a confidentiality-based conception of privacy might also have significant implications in other areas of American privacy law that developed under the influence of Warren and Brandeis. [http://papers.ssrn.com/sol3/papers.cfm?abstract_id=969495]  (Richards, Neil M. and Solove, Daniel J., "Privacy's Other Path: Recovering the Law of Confidentiality" . Georgetown Law Journal, 2007 Available at SSRN: http://ssrn.com/abstract=969495)


*In 1905, the Georgia Supreme Court recognized in the common law a tort remedy for invasions of privacy. The case, ''Pavesich v. New England Life Insurance Company'' involved a situation similar to that in Roberson – a man’s image was used in an advertisement without his consent. The court concluded that a “right of privacy in matters purely private is . . . derived from natural law.” <ref>(SSRN)</ref>
=Generational Differences in Attitudes about Privacy=


*In 1965, in ''Griswold v. Connecticut'' the Court declared that an individual has a right to privacy from the government [http://www.law.cornell.edu/supct/html/historics/USSC_CR_0381_0479_ZS.html ''Griswold v Connecticut''].
=What the Experts Think=
*In 1967, in ''Time, Inc. v. Hill'' the Court faced the question: Is a publication, containing misrepresentations about the subject of its coverage, protected under the First Amendment's freedom of speech guarantees?  They concluded yes because "absent a finding of such malicious intent on the part of a publisher, press statements are protected under the First Amendment even if they are otherwise false or inaccurate" <ref> [[http://www.oyez.org/cases/1960-1969/1965/1965_22]] </ref>.
 
*In 1968, in ''Mancusi v. DeForte'' the Supreme Court addressed whether a union employee had a legitimate expectation of privacy, and therefore Fourth Amendment standing, in the contents of records that he stored in an office that he shared with several other union officials. The Court held that DeForte had standing to object to the search and that the search was unreasonable, noting that it was clear that “if DeForte had occupied a ‘private’ office in the union headquarters, and union records had been seized from a desk or a filing cabinet in that office, he would have had standing" [http://supreme.justia.com/us/392/364/ ''Mancusi v DeForte''].
 
*In 1975 in ''Cox Broadcasting v. Cohn'' the question was whether Georgia's law preventing the disclosure of the names of rape victims was constitutional.  The Supreme Court held that despite the right to privacy’s “impressive credentials,” when “true information is disclosed in public court documents open to public inspection, the press cannot be sanctioned for publishing it.”  The Court declined to address “the broader question” that would implicate the constitutionality of the tort in all its applications – namely, “whether the State may ever define and protect an area of privacy free from unwanted publicity in the press <ref>(SSRN)</ref>
 
*In 1977, in ''Zacchini v. Scripps-Howard Broadcasting Co'' the Supreme Court said that a news station violated the Constitution when it videotaped and aired Zacchini's "human-cannonball" stunt without his permission.  The logic of the opinion is that even though the the airing was not meant to be malicious and the event took place in a public setting, because the plaintiff asked for his stunt not to be published without payment the actions of the news station were unlawful <ref> [http://www.bc.edu/bc_org/avp/cas/comm/free_speech/zacchini.html] </ref>.
 
*In 1987 in  ''O'Connor ET AL. v. Ortega'' the Court found that workplace property remains within the control of the employer “even if the employee has placed personal items in [it]" [http://caselaw.lp.findlaw.com/scripts/getcase.pl?court=us&vol=480&invol=709 ''O'Connor ET AL. v. Ortega']
 
*Subsequent Supreme Court cases reiterated the Cox rule. In ''Smith v. Daily Mail'' the Court held: “If a newspaper lawfully obtains truthful information about a matter of public significance then state officials may not constitutionally punish publication of the information, absent a need to further a state interest of the highest order.”  In ''Florida Star v. B.J.F.'' the Court reiterated the rule in Daily Mail in concluding that the First Amendment prohibited liability when a newspaper published the name of a rape victim obtained from a police report <ref>(SSRN)</ref>
 
*SEC vs. Jerry T. Obrien Inc.  It is established that when a person communicates information to a third party even on the understanding that the communication is confidential, he cannot object if the third party conveys that information or records thereof to law enforcement authorities <ref> Zittrain </ref>.  It also disables respondents from arguing that notice of subpoenas issued to third parties is necessary to allow a target to prevent an unconstitutional search or seizure of his papers
 
 
'''Digital Privacy Decisions'''
 
*In ''United States v. Simons'', the ruling was that employees do not have a reasonable expectation of privacy when it comes to their work related electronic communications[http://www.internetlibrary.com/cases/lib_case131.cfm ''United States v. Simons'']
 
*In ''United States v. Gourde'', 440 F.3d 1065, 1077 (9th Cir. 2006) it was found that "for most people, their computers are their most private spaces" [http://www.ca9.uscourts.gov/ca9/newopinions.nsf/04485f8dcbd4e1ea882569520074e698/b671b58e0a555b0f88256f03005783aa/$FILE/0330262.pdf ''United States v. Gourde'']
 
* In 2007, ''United States v. Zeigler''.  In this case, an employee had accessed child pornography websites from his workplace computer. His employer noticed his activities, made copies of the hard drive, and gave the FBI the employee's computer. At his criminal trial, Ziegler filed a motion to suppress the evidence because he argued that the government violated his Fourth Amendment rights.  The Ninth Circuit allowed the lower court to admit the child pornography evidence. After reviewing relevant Supreme Court opinions on a reasonable expectation of privacy, the Court acknowledged that Ziegler had a reasonable expectation of privacy at his office and on his computer, however, the court found that: "In this context, Ziegler could not reasonably have expected that the computer was his personal property, free from any type of control by his employer. The contents of his hard drive, like the files in Mancusi, 392 U.S. at 369, were work-related items that contained business information and which were provided to, or created by, the employee in the context of the business relationship. Ziegler’s downloading of personal items to the computer did not destroy the employer’s common authority. Ortega, 480 U.S. at 716. Thus...the employer, could consent to a search of the office and the computer that it provided to Ziegler for his work" [http://www.ca9.uscourts.gov/ca9/newopinions.nsf/1B9EE38656401781882572720080706B/$file/0530177.pdf?openelement ''United States v. Zeigler]
 
*In 2007, ''State of New Jersey v. Shirley Reid''.  In the case, prosecutors asserted that Shirley Reid broke into her employer’s computer system and changed its shipping address and password for suppliers. The police discovered her identity after getting a subpoena to the internet provider, Comcast Internet Service.  The lower court suppressed information from the internet service provider that linked Reid with the crime. The New Jersey appellate court agreed with this decision. As a result, New Jersey offers greater privacy rights to computer users than most federal courts. Although this case does not directly discuss the Fourth amendment, it illustrates that some states are providing more privacy protection to computer users than the federal courts. It also illustrates that caselaw on privacy in workplace computers is still evolving [http://www.epic.org/privacy/nj_reid/reid_superior_ct.pdf State of New Jersey v. Shirley Reid]
 
'''Examples of Problems Not Yet Taken to Court'''
 
*In early September 2006, Jason Fortuny, a Seattle-area graphic designer and network administrator, posed as a woman and posted an ad to Craigslist Seattle seeking a casual sexual encounter with area men. On September 4, he posted to the internet all 178 of the responses, complete with photographs and personal contact details, describing this as the Cragslist Experiment and encouraging others to further identify the respondents. [http://en.wikipedia.org/wiki/Internet_privacy#Jason_Fortuny_and_Craigslist Fortuny Incident]
 
'''U.S. Privacy Laws''':
 
*[http://www.usdoj.gov/oip/04_7_1.html  U.S Privacy Act of 1974 ] mandated a set of fair information practices, including disclosure of private information only with the an individual’s consent (with exceptions for law enforcement, archiving, and routine uses), and established the right of the subject to know what was recorded about her and to offer corrections. While it originally intended to apply to a broad range of public and private databases to parallel the H.E.W. report, the Act was amended before passage to apply only to government agencies’ records (Zittrain chapter 9)
 
*[http://www.ftc.gov/reports/privacy3/fairinfo.shtm Fair Information Practice Principles] articulation made by the Federal Trade Commission concerning  privacy.
 
==Brief Synopsis of These Laws and Their Relation to Online Privacy/Data Retention==
 
Americans are skeptical of having the government have their information but OK having business handle it [http://www.iht.com/articles/2005/08/07/news/data.php].  That is, in the US privacy protection is essentially liberty protection, i.e. protection from government [http://www.uoltj.ca/articles/vol2.2/2005.2.2.uoltj.Levin.357-395.pdf].  Moreover, American privacy law has never fully embraced privacy within relationships; it typically views information exposed to others as no longer private <ref> SSRN </ref>.
 
 
 
==Additional History of U.S. Privacy Laws== RE-think title!
* At America's inception, George Washington had feared that his letters about the new Constitution were not confidential, “for by passing through the post-office, they should become known to all the world."  By the end of the nineteenth century a remarkable transformation in social attitudes and law had taken place. As David Seipp explains, “[n]ineteenth century public opinion regarded the ‘sanctity of the mails’ as absolute in the same way it esteemed the inviolability of the home.”  Improved confidentiality procedures in the Post Office and strong legal protections went hand in hand with an emerging attitude that the ideas and sentiments expressed in letters traveling through the postal system should remain inviolate, in language often tinged with overtly religious imagery. Thus, a Louisiana court could refer in 1811 to the law’s respect for “the sacredness of a man’s correspondence.” <ref> (SSRN) </ref>.
 
*In 1890, Samuel Warren and Louis Brandeis wrote The Right To Privacy in the Harvard Law Review which advocated the "right to be let alone"
 
*William Prosner in 1960 wrote Privacy and helped on Restatement (Second of Torts) (http://papers.ssrn.com/sol3/papers.cfm?abstract_id=969495).
**Established American privacy law as four related torts
**Minimized the importance of confidentiality in American law
 
*In America, the prevailing belief is that people assume the risk of betrayal when they share secrets with each other (papers.ssrn.com)
 
*During the 1940s and 50s, many more jurisdictions began recognizing the right to privacy, with the result that by the 1950s, most states had adopted a tort right of privacy in one form or another (SSRN)
*William Prosser’s most famous discussion of the topic was a 1960 article entitled [[Privacy]] published in the California Law Review.  In that article, Prosser noted that over 300 privacy cases had been decided since the Warren and Brandeis article, and that to date, there had been little “attempt to inquire what interests we are protecting, and against what conduct."  Prosser identified the torts as follows:
#Intrusion upon the plaintiff’s seclusion or solitude, or into his private affairs.
#Public disclosure of embarrassing private facts about the plaintiff.
#Publicity which places the plaintiff in a false light in the public eye.
#Appropriation, for the defendant’s advantage, of the plaintiff’s name or likeness.169
In creating this taxonomy of the law of privacy, Prosser had a dramatic effect on the development of privacy law in America (SSRN).  First, individuals are willing to trade privacy for convenience or bargain the release of personal information in exchange for relatively small rewards. Second, individuals are seldom willing to adopt privacy protective technologies (http://www.heinz.cmu.edu/~acquisti/papers/acquisti.pdf).
 
==Origins of Divergence of U.S. and European Privacy Laws==
 
*Warren and Brandeis did not write on a nearly blank slate when they crafted their “right to privacy.” Instead of developing and expanding the robust law of confidentiality that already existed, '''Warren and Brandeis took American privacy law down a different path.''' (SSRN)
**Before the Warren and Brandeis article, English and American privacy law were on a similar trajectory, being built out of the same materials and concepts. American judges read English precedent and attempted to situate their rulings within the fabric of the common law. Afterwards, the paths diverged. The path Warren and Brandeis charted for American privacy law was not that of developing the law of confidentiality.  (SSRN)
**Instead of creating a law of privacy, however, England developed a law of confidentiality, which was explicitly distinguished from privacy. Ironically, both the American law of privacy and the English law of confidentiality emerged from the same source – the ''Prince Albert'' case.(SSRN)
 
<ref>Miller, E: "The Sun.", page 23. Academic Press, 2005.</ref>
 
==Generational Differences in Attitudes about Privacy==
 
==What the Experts Think==


#Jonathan Zittrain believes U.S. digital privacy law should be in the spirit of ''Chapman v. United States''.  In this case, a police search of a rented house for a whiskey still was found to be a violation of the Fourth Amendment rights of the tenant, despite the fact that the landlord had consented to the search.  The Court refused to find that the right against intrusion was held only by the absentee owner of the place intruded — rather, it was held by the person who actually lived and kept his effects there.  
#Jonathan Zittrain believes U.S. digital privacy law should be in the spirit of ''Chapman v. United States''.  In this case, a police search of a rented house for a whiskey still was found to be a violation of the Fourth Amendment rights of the tenant, despite the fact that the landlord had consented to the search.  The Court refused to find that the right against intrusion was held only by the absentee owner of the place intruded — rather, it was held by the person who actually lived and kept his effects there.  
#Jisuk Woo believes that '''the right not to be identified should be the most important concept that privacy consists of on the internet'''.  By not being identified, he hopes that individuals can protect themselves from the potential risk and threat of surveillance of their activities.  He believes that the modern concept of privacy has set as its main goal freedom from the government, and although citizens may be concerned about internet privacy, they willingly give up their privacy for consumer convenience and other monetary benefits.  Therefore, policy measures for network privacy should focus on ensuring individual users’ search for anonymity by recognizing the right to be silent about their identities and the right to disguise their identities rather than providing restrictions on easily identifiable external forces and institutions.<ref> Woo article </ref>.
#Jisuk Woo believes that '''the right not to be identified should be the most important concept that privacy consists of on the internet'''.  By not being identified, he hopes that individuals can protect themselves from the potential risk and threat of surveillance of their activities.  He believes that the modern concept of privacy has set as its main goal freedom from the government, and although citizens may be concerned about internet privacy, they willingly give up their privacy for consumer convenience and other monetary benefits.  Therefore, policy measures for network privacy should focus on ensuring individual users’ search for anonymity by recognizing the right to be silent about their identities and the right to disguise their identities rather than providing restrictions on easily identifiable external forces and institutions. [http://nms.sagepub.com/cgi/content/abstract/8/6/949 Woo]
#Avner Levin and Mary Jo Nicholson write that in Canada, privacy protection is focused on individual autonomy through personal control of information. Therefore, they propose '''the Canadian model as a conceptual middle ground between the EU and the US, as a basis for future American privacy protection'''. They find U.S. privacy protection to be primarily motivated by the protection of liberty; In the EU, the protection of privacy is mainly the protection of one’s dignity.  Canadians occupy the middle ground between the EU and the US, sharing American concerns about “Big Brother” government, while also having deep concerns about private sector abuse of their personal information. As a result, they find that Canadians identify privacy with a sense of control that enables them as individuals to set limits upon both the public and the private sector. (http://www.uoltj.ca/articles/vol2.2/2005.2.2.uoltj.Levin.357-395.pdf)
#Avner Levin and Mary Jo Nicholson write that in Canada, privacy protection is focused on individual autonomy through personal control of information. Therefore, they propose '''the Canadian model as a conceptual middle ground between the EU and the US, as a basis for future American privacy protection'''. They find U.S. privacy protection to be primarily motivated by the protection of liberty; In the EU, the protection of privacy is mainly the protection of one’s dignity.  Canadians occupy the middle ground between the EU and the US, sharing American concerns about “Big Brother” government, while also having deep concerns about private sector abuse of their personal information. As a result, they find that Canadians identify privacy with a sense of control that enables them as individuals to set limits upon both the public and the private sector. [http://www.uoltj.ca/articles/vol2.2/2005.2.2.uoltj.Levin.357-395.pdf Levin and Nicholson]
#Wendy Seltzer
#Wendy Seltzer
#Solove
#Richards and Solove's ([http://papers.ssrn.com/sol3/papers.cfm?abstract_id=969495 Privacy's Other Path: Recovering the Law of Confidentiality]) explore how and why privacy law developed so differently in America and England.  They trace the diverging paths as a result of Samuel Warren and Louis Brandeis' [http://www.lawrence.edu/fast/boardmaw/Privacy_brand_warr2.html ''The Right to Privacy''] as well as William Prosser's [http://links.jstor.org/sici?sici=0008-1221(196008)48%3A3%3C383%3AP%3E2.0.CO%3B2-E ''Privacy''].
#Alessandro Acquisti says “by '''generating incentives to handle personal information in a new way''', appropriate legal intervention can allow the growth of the market for third parties providing solutions that anonymize off-line information but make it possible to share on-line profiles. By designing the appropriate liabilities, that intervention can also fight the tendency of “trust-me” or self-regulatory solutions to fail under pressure. If privacy is a holistic concept (Scoglio, 1998), only a holistic approach can provide its adequate protection: economic tools to identify the areas of information to share and those to protect; law to signal the directions the market should thereby take; and technology to make those directions viable” (http://www.heinz.cmu.edu/~acquisti/papers/acquisti_eis_refs.pdf)
#Viktor Mayer-Schoenberger says that “'''Only privacy statutes covering both the private and the public sector and encompassing all stages of the use of personal information - from collection and processing to retention and transferal - are seen as capable of containing and mitigating the danger to our privacy'''. So-called omnibus data protection is often bolstered with stringent auditing and enforcement procedures. The result is complex legal regimes that private and public sector users of personal information have to comply with in many industrial and post-industrial nations around the world, from Canada, Argentina and Chile to Hong Kong to Australia and New Zealand such legislation has been enacted, partially in response to public fears of large scale data collection and retention; in Europe, the European Union (EU) Data Protection Directive, passed in 1995, obligates all twenty-seven member nations of the EU to pass stringent omnibus privacy laws.  In nations where such comprehensive data protection regimes are still absent, like the United States, privacy advocates hope that media reports and general citizen unease over the threat to information privacy ultimately produce the ferment for political and legislative action. At the same token, such a response is fraught with two substantial problems: political inertia due to collective action hurdles and potential structural overreach combined with limited actual impact. (http://ksgnotes1.harvard.edu/Research/wpaper.nsf/rwp/RWP07-022/$File/rwp_07_022_mayer-schoenberger.pdf Mayer-Schoenberger)


= Problems =
= Problems =


 
*Choosing between providing one’s personal information and giving up the information and services that an individual wants from the network is particularly difficult in the current technological environment because, in many cases, it is not known what will happen to the personal information once it is out on the network. [http://nms.sagepub.com/cgi/content/abstract/8/6/949]
 
*Choosing between providing one’s personal information and giving up the information and services that an individual wants from the network is particularly difficult in the current technological environment because, in many cases, it is not known what will happen to the personal information once it is out on the network. <ref> Woo </ref>


*Google’s StreetView means that people are visible just walking on the street (http://www.wired.com/culture/lifestyle/commentary/theluddite/2007/06/luddite_0607), in their house, etc.
*Google’s StreetView means that people are visible just walking on the street (http://www.wired.com/culture/lifestyle/commentary/theluddite/2007/06/luddite_0607), in their house, etc.
Line 174: Line 129:


*While market forces might ensure fair use of data connected to the on-line identity, they do not guarantee optimal use and appropriate protection of the off-line identity (http://www.heinz.cmu.edu/~acquisti/papers/acquisti_eis_refs.pdf)
*While market forces might ensure fair use of data connected to the on-line identity, they do not guarantee optimal use and appropriate protection of the off-line identity (http://www.heinz.cmu.edu/~acquisti/papers/acquisti_eis_refs.pdf)
*In early September 2006, Jason Fortuny, a Seattle-area graphic designer and network administrator, posed as a woman and posted an ad to Craigslist Seattle seeking a casual sexual encounter with area men. On September 4, he posted to the internet all 178 of the responses, complete with photographs and personal contact details, describing this as the Cragslist Experiment and encouraging others to further identify the respondents. [http://en.wikipedia.org/wiki/Internet_privacy#Jason_Fortuny_and_Craigslist Fortuny Incident]


= Solutions =
= Solutions =


Outline
==Proposed Solutions==
I. Ranking of Proposed Solutions
II. Recent Court Cases Illustrating Views on Digital Privacy
III. The Solutions Proposed by the Experts in Further Detail
 
'''Proposed Solutions:'''


'''''Avner Levin and Mary Jo Nicholson as well as Viktor Mayer-Schoenberger advocate for U.S. legislation to protect citizens from the public and private sectors.  Levin and Nicholson propose the Canadian privacy laws as the paradigm—as they are the middle ground between EU and U.S. laws.  Levin and Nicholson’s proposal is that Canadian laws share American concerns about “Big Brother” government yet also address European concerns about private sector abuse of personal information.'''''
'''''Avner Levin and Mary Jo Nicholson as well as Viktor Mayer-Schoenberger advocate for U.S. legislation to protect citizens from the public and private sectors.  Levin and Nicholson propose the Canadian privacy laws as the paradigm—as they are the middle ground between EU and U.S. laws.  Levin and Nicholson’s proposal is that Canadian laws share American concerns about “Big Brother” government yet also address European concerns about private sector abuse of personal information.'''''
Line 190: Line 142:
*''Potential Benefits'':
*''Potential Benefits'':
**Seems the best way of protecting individual’s privacy rights.
**Seems the best way of protecting individual’s privacy rights.
'''
 
''Jisuk Woo and Jonathan Zittrain argue that the right not to be identified should be the most important privacy issue on the internet.  Woo proposes policy measures that ensure anonymity for individual users’.'''''   
'''''Jisuk Woo and Jonathan Zittrain (in his forthcoming book) argue that the right not to be identified should be the most important privacy issue on the internet.  Woo proposes policy measures that ensure anonymity for individual users’.'''''   
*''Potential Problems'':
*''Potential Problems'':
**Appears to contradict ''United States v. Zeigler''
**Appears to contradict ''United States v. Zeigler''
Line 208: Line 160:
Synthesis: These solutions are not necessarily incompatible.  That is, if there is a way of combining the ideal of the Canadian model with Zittrain’s belief that “U.S. digital privacy law should be in the spirit of ''Chapman v. United States''” and also incorporate economic incentives for this to happen—that may be the answer.'''
Synthesis: These solutions are not necessarily incompatible.  That is, if there is a way of combining the ideal of the Canadian model with Zittrain’s belief that “U.S. digital privacy law should be in the spirit of ''Chapman v. United States''” and also incorporate economic incentives for this to happen—that may be the answer.'''


==Recent Court Cases Illustrating Views on Digital Privacy==


*In ''United States v. Simons,'' the ruling was that employees do not have a reasonable expectation of privacy when it comes to their work related electronic communications
*In ''United States v. Gourde,'' 440 F.3d 1065, 1077 (9th Cir. 2006) it was found that "for most people, their computers are their most private spaces" 
*In 2007, ''United States v. Zeigler''. In this case, an employee had accessed child pornography websites from his workplace computer. His employer noticed his activities, made copies of the hard drive, and gave the FBI the employee's computer. At his criminal trial, Ziegler filed a motion to suppress the evidence because he argued that the government violated his Fourth Amendment rights. The Ninth Circuit allowed the lower court to admit the child pornography evidence. After reviewing relevant Supreme Court opinions on a reasonable expectation of privacy, the Court acknowledged that Ziegler had a reasonable expectation of privacy at his office and on his computer, however, the court found that: "In this context, Ziegler could not reasonably have expected that the computer was his personal property, free from any type of control by his employer. The contents of his hard drive, like the files in Mancusi, 392 U.S. at 369, were work-related items that contained business information and which were provided to, or created by, the employee in the context of the business relationship. Ziegler’s downloading of personal items to the computer did not destroy the employer’s common authority. Ortega, 480 U.S. at 716. Thus...the employer, could consent to a search of the office and the computer that it provided to Ziegler for his work"
*In 2007, ''State of New Jersey v. Shirley Reid''. In the case, prosecutors asserted that Shirley Reid broke into her employer’s computer system and changed its shipping address and password for suppliers. The police discovered her identity after getting a subpoena to the internet provider, Comcast Internet Service. The lower court suppressed information from the internet service provider that linked Reid with the crime. The New Jersey appellate court agreed with this decision. As a result, New Jersey offers greater privacy rights to computer users than most federal courts. Although this case does not directly discuss the Fourth amendment, it illustrates that some states are providing more privacy protection to computer users than the federal courts. It also illustrates that case law on privacy in workplace computers is still evolving.


==Summary of These Decisions and U.S Privacy Laws==


Americans are skeptical of having the government have their information but OK having business handle it [http://www.iht.com/articles/2005/08/07/news/data.php].  That is, in the US privacy protection is essentially liberty protection, i.e. protection from government [http://www.uoltj.ca/articles/vol2.2/2005.2.2.uoltj.Levin.357-395.pdf].  Moreover, American privacy law has never fully embraced privacy within relationships; it typically views information exposed to others as no longer private.[http://papers.ssrn.com/sol3/papers.cfm?abstract_id=969495]  This is not that surprising since U.S. Privacy law historically focused on protecting the liberty of each individual citizen from the government.  For a more complete list of the history of U.S. Privacy law, please visit :




II. Recent Court Cases Illustrating Views on Digital Privacy:
'''[[Court Cases on Privacy]]'''
 
• In United States v. Simons, the ruling was that employees do not have a reasonable expectation of privacy when it comes to their work related electronic communicationsUnited States v. Simons
• In United States v. Gourde, 440 F.3d 1065, 1077 (9th Cir. 2006) it was found that "for most people, their computers are their most private spaces" United States v. Gourde
• In 2007, United States v. Zeigler. In this case, an employee had accessed child pornography websites from his workplace computer. His employer noticed his activities, made copies of the hard drive, and gave the FBI the employee's computer. At his criminal trial, Ziegler filed a motion to suppress the evidence because he argued that the government violated his Fourth Amendment rights. The Ninth Circuit allowed the lower court to admit the child pornography evidence. After reviewing relevant Supreme Court opinions on a reasonable expectation of privacy, the Court acknowledged that Ziegler had a reasonable expectation of privacy at his office and on his computer, however, the court found that: "In this context, Ziegler could not reasonably have expected that the computer was his personal property, free from any type of control by his employer. The contents of his hard drive, like the files in Mancusi, 392 U.S. at 369, were work-related items that contained business information and which were provided to, or created by, the employee in the context of the business relationship. Ziegler’s downloading of personal items to the computer did not destroy the employer’s common authority. Ortega, 480 U.S. at 716. Thus...the employer, could consent to a search of the office and the computer that it provided to Ziegler for his work" United States v. Zeigler
• In 2007, State of New Jersey v. Shirley Reid. In the case, prosecutors asserted that Shirley Reid broke into her employer’s computer system and changed its shipping address and password for suppliers. The police discovered her identity after getting a subpoena to the internet provider, Comcast Internet Service. The lower court suppressed information from the internet service provider that linked Reid with the crime. The New Jersey appellate court agreed with this decision. As a result, New Jersey offers greater privacy rights to computer users than most federal courts. Although this case does not directly discuss the Fourth amendment, it illustrates that some states are providing more privacy protection to computer users than the federal courts. It also illustrates that case law on privacy in workplace computers is still evolving State of New Jersey v. Shirley Reid
 
 
 
III. Experts’ Solutions:
 
* Jonathan Zittrain believes “U.S. digital privacy law should be in the spirit of Chapman v. United States. In this case, a police search of a rented house for a whiskey still was found to be a violation of the Fourth Amendment rights of the tenant, despite the fact that the landlord had consented to the search. The Court refused to find that the right against intrusion was held only by the absentee owner of the place intruded — rather, it was held by the person who actually lived and kept his effects there.” '''Similarly, the data we store for ourselves in servers that others own ought to be thought of as our own papers and effects in which we have a right to be secure''' (his new book, Chapter 8, page 15).
 
I did not get to read Professor Zittrain’s entire new book, only two chapters, and I’m sure there are other proposed solutions.  The one counter-claim I find to his above solution, however, is that it potentially contradicts United States v. Zeigler.  While any new laws should protect the privacy of the individual computer user, there is a tension with digital technology privacy (ie when the computer is someone else’s (a company) or the wireless is someone else’s) that is not present in the “spirit of Chapman v. United States.”  The tension is if law enforcement officials access private searches on a public domain (public or private company network (as in Zeigler)) then the distinction between private and public becomes more complex than in Chapman.
 
* Jisuk Woo believes that the right not to be identified should be the most important concept that privacy consists of on the internet…Therefore, policy measures for network privacy should focus on ensuring individual users’ search for anonymity by recognizing the right to be silent about their identities and the right to disguise their identities rather than providing restrictions on easily identifiable external forces and institutions (http://nms.sagepub.com/cgi/content/abstract/8/6/949)
 
* Avner Levin and Mary Jo Nicholson write that in Canada privacy protection is focused on individual autonomy through personal control of information. Therefore, they propose the Canadian model as a conceptual middle ground between the EU and the US, as a basis for future American privacy protection. They find U.S. privacy protection to be primarily motivated by the protection of liberty; In the EU, the protection of privacy is mainly the protection of one’s dignity. Canadians occupy the middle ground between the EU and the US, sharing American concerns about “Big Brother” government, while also having deep concerns about private sector abuse of their personal information. As a result, they find that Canadians identify privacy with a sense of control that enables them as individuals to set limits upon both the public and the private sector. (http://www.uoltj.ca/articles/vol2.2/2005.2.2.uoltj.Levin.357-395.pdf)
 
* Alessandro Acquisti says “by generating incentives to handle personal information in a new way, appropriate legal intervention can allow the growth of the market for third parties providing solutions that anonymize off-line information but make it possible to share on-line profiles. By designing the appropriate liabilities, that intervention can also fight the tendency of “trust-me” or self-regulatory solutions to fail under pressure. If privacy is a holistic concept (Scoglio, 1998), only a holistic approach can provide its adequate protection: economic tools to identify the areas of information to share and those to protect; law to signal the directions the market should thereby take; and technology to make those directions viable” (http://www.heinz.cmu.edu/~acquisti/papers/acquisti_eis_refs.pdf)
 
 
* Viktor Mayer-Schoenberger says that “Only privacy statutes covering both the private and the public sector and encompassing all stages of the use of personal information - from collection and processing to retention and transferal - are seen as capable of containing and mitigating the danger to our privacy. So-called omnibus data protection is often bolstered with stringent auditing and enforcement procedures. The result is complex legal regimes that private and public sector users of personal information have to comply with in many industrial and post-industrial nations around the world, from Canada, Argentina and Chile to Hong Kong to Australia and New Zealand such legislation has been enacted, partially in response to public fears of large scale data collection and retention; in Europe, the European Union (EU) Data Protection Directive, passed in 1995, obligates all twenty-seven member nations of the EU to pass stringent omnibus privacy laws.  In nations where such comprehensive data protection regimes are still absent, like the United States, privacy advocates hope that media reports and general citizen unease over the threat to information privacy ultimately produce the ferment for political and legislative action. At the same token, such a response is fraught with two substantial problems: political inertia due to collective action hurdles and potential structural overreach combined with limited actual impact. (http://ksgnotes1.harvard.edu/Research/wpaper.nsf/rwp/RWP07-022/$File/rwp_07_022_mayer-schoenberger.pdf)
 
 


and


 
[[History of U.S. Privacy Laws]]
 
 
 
*'''Be more like Canadian law'''
**Levin and Nicholson's solution ties together Europe's fight for privacy as dignity and American's fight for privacy as liberty. Liberty affords control in the political sphere, not giving up control to one's government. Dignity affords control in the social sphere - not giving up control to others with whom one interacts - neighbors, teachers, businesses, employers, etc. 
***Their proposed solution is the Canadian model which protects dignity '''and''' liberty.
 
'''Questions a Solution Should Answer:'''
*How do we afford individual's control over one's image, one's dignity, etc in this digital age?
**According to past EU laws precedents, new laws regarding, say, someone posting embarassing photos of me on Flickr would be illegal, as it would invade my privacy by offending my dignity. It would not, however, offend my liberty (and it seems that such liberty arguments are largely moot anyways with the introduction of the Patriot Act, which gives the government incredible access to our private information, and hence our liberty) (http://diginatives.blogspot.com/2007/06/dn-specific-takeaways-from-privacy-law.html).
According to the authors, the Candaians "got it right". Consider their definition, and then explanation, of privacy:
 
" ...the right to control access to one’s person and information about one’s self.
The right to privacy means that individuals get to decide what and how much
information to give up, to whom it is given, and for what uses....A multicultural society does not attempt to impose on its members values, which some elements in it may very
well hold dear—such as dignity or liberty—but encourages the development of
these values autonomously, within a multicultural framework. Canadians, it
seems, perceive their privacy as most importantly protecting this autonomy, and
believe that members of society should be free to decide for themselves what is
important for them to control."
 
Should the goal be to give individuals the right to control information about themselves? At the cost of government interference about collecting and posting information? (http://diginatives.blogspot.com/2007/06/dn-specific-takeaways-from-privacy-law.html).
Authors argue that "Americans want their government to let them interact freely with one another and to not intervene." But this is changing: "As e-mails, modems, and
PCs break down the boundaries between work and home, there are
progressively fewer private or public spaces for citizens to express themselves
autonomously. The Internet has blurred the distinction between the home and
the office, as Americans are spending more time at the office and are using
company-owned computers and Internet servers to do their work from home.
But as technology poses new challenges to geographic concepts of privacy,
courts have not been encouraged to think creatively about how to reconstruct
zones of individual privacy and free expression."
 
the bold is where we come in (http://diginatives.blogspot.com/2007/06/dn-specific-takeaways-from-privacy-law.html)
- More broadly, since American privacy law often remains focused around individualistic conceptions of privacy, it has not fully embraced protecting confidentiality in relationships. In many other contexts, such as trade secrets and business confidences, American law readily provides remedies against unwarranted breaches of trust.403 But in the domain of privacy, American law has not progressed nearly as far as English law in recognizing and protecting trust in relationships. An increased recognition of a confidentiality-based conception of privacy might also have significant implications in other areas of American privacy law that developed under the influence of Warren and Brandeis. (SSRN)
 
 
- Concerns over such power (and its potential abuse) has prompted three types of reactions – the comprehensive legislative response, the constitutional reinterpretation response and the null response.
a. Comprehensive Privacy Legislation:
Many privacy advocates argue that the comprehensive trail of personal digitized data that are retained requires a similarly comprehensive legislative reaction. While constraining data retention the goal of such legislative action is much broader. Only privacy statutes covering both the private and the public sector and encompassing all stages of the use of personal information - from collection and processing to retention and transferal - are seen as capable of containing and mitigating the danger to our privacy. So-called omnibus data protection is often bolstered with stringent auditing and enforcement procedures. The result is complex legal regimes that private and public sector users of personal information have to comply with 31
In many industrial and post-industrial nations around the world, from Canada31, Argentina32 and Chile33 to Hong Kong34 to Australia35 and New Zealand36 such legislation has been enacted, partially in response to public fears of large scale data collection and retention37; in Europe, the European Union (EU) Data Protection Directive, passed in 1995, obligates all twenty-seven member nations of the EU to pass stringent omnibus privacy laws.38
In nations where such comprehensive data protection regimes are still absent, like the United States, privacy advocates hope that media reports and general citizen unease over the threat to information privacy ultimately produce the ferment for political and legislative action.
At the same token, such a response is fraught with two substantial problems: political inertia due to collective action hurdles and potential structural overreach combined with limited actual impact. (http://ksgnotes1.harvard.edu/Research/wpaper.nsf/rwp/RWP07-022/$File/rwp_07_022_mayer-schoenberger.pdf)


= Relevant Research and Articles =
= Relevant Research and Articles =
Line 307: Line 201:


[http://www.privacyinternational.org Privacy International, ''A Race to the Bottom: Privacy Ranking of Internet Service Companies'' June 9, 2007].
[http://www.privacyinternational.org Privacy International, ''A Race to the Bottom: Privacy Ranking of Internet Service Companies'' June 9, 2007].
[http://news.bbc.co.uk/go/pr/fr/-/2/hi/technology/6994776.stm BBC News: Google Calls for Global Web Privacy Laws, 09.14.07.]


== U.S. Privacy Articles ==
== U.S. Privacy Articles ==
Line 317: Line 213:


[http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9026638&source=rss_news50 Your first girlfriend -- and the other things search engines store about you]
[http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9026638&source=rss_news50 Your first girlfriend -- and the other things search engines store about you]
[http://www.techcrunch.com/2006/08/06/aol-proudly-releases-massive-amounts-of-user-search-data/ AOL Proudly Releases Massive Amounts of User Search Data, TechCrunch, 2006]
[http://news.com.com/8301-13577_3-9759743-36.html?tag=nefd.only Say what? Nevada judge loses post over MySpace 'bias against prosecutors' (August 2007)]


== European Privacy ==
== European Privacy ==
Line 367: Line 267:


[http://www.iht.com/articles/2005/08/07/news/data.php  Strong privacy laws may explain data security in Europe, ''The New York Times''', August 2005]
[http://www.iht.com/articles/2005/08/07/news/data.php  Strong privacy laws may explain data security in Europe, ''The New York Times''', August 2005]
=References=
<references />
[[Category:Core Articles]]

Latest revision as of 17:56, 4 October 2010

Portal:Digital Privacy

Overview

Digital Privacy is a complex issue because the definition of privacy is on-going and relative, not merely situational. For example, privacy in the colonial period of United States history meant something drastically different from what privacy now means in the U.S. Furthermore, privacy has different meanings across boundaries--as European privacy law differs from U.S privacy law, and both of them differ from Canadian privacy law. As technology, specifically the internet, takes off, issues of privacy are critically important. What is now considered a public domain? Does such a thing as a private domain exist anymore? Should companies be allowed to retain data on individual user's searches? Should Google be allowed to take pictures of people's houses? What happens if someone takes a picture of a private citizen and posts it on the internet? What happens if it is a video? Is there a way to enforce a law even if passed?

What are the implications of growing up in a society that always remembers and never forgets? The life of a Digital Native is constantly recorded through digital tracks. What will the future hold? How does this environment impact the ways in which Digital Natives think about privacy? The generation gap between non-natives and natives highlights the blurring definition of privacy. Previously thought private domains are being public--and public places are no longer parochially public but in fact globally public.

These are only some of the questions that need answers in this increasingly digital age. The following description and analysis of digital privacy aims to shed light on these questions and addresses possible solutions.

Elements of Digital Privacy

Collection & Retention- digital tracks & readily accessible information

  • SUMMARY: The life of a Digital Native is constantly being recorded. This information about a Digital Native is retained by and accessible to others. The following are examples of what kind of data is retained, who collects it, and who can view it:
  • For example, a search on Google results in a stream of information is sent to, and stored in, the Google servers. This includes the computer IP address, the date and time of the query, the browser used, and the unique cookie ID assigned to the computer. If G-mail users are logged in then Google associates this data with personally identifiable information.
  • Microsoft Live Search also records the type of search you conducted (image, Web, local, etc.), while Google additionally stores your browser type and language. And when you click on a link displayed on Google, that may also be recorded and associated with your computer's IP address. While Google Inc. recently announced that it would make its search logs anonymous after 18 months' time by deleting part of the IP address and obfuscating cookies associated with search queries, Microsoft Corp. and Yahoo Inc. haven't yet made their retention policies public. AOL LLC stores this data for just one month.[1]
  • Every Internet search resides on a computer somewhere. Comings and goings are monitored by security cameras. Phone calls are logged by telecommunications companies.[2]
  • This Washington Post article shows a typical day of an ordinary woman and what kinds of information is collected about her.
  • In 2006, AOL released the search data of over 20 million users for the public to view [3]
  • ZabaSearch queries return a wealth of info sometimes dating back more than 10 years: residential addresses, phone numbers both listed and unlisted, birth year, even satellite photos of people's homes. ZabaSearch isn't the first or only such service online. Yahoo's free People Search, for example, returns names, telephone numbers and addresses. But the information is nothing more than what's been available for years in the White Pages...Far more personal information is available from data brokers, including aliases, bankruptcy records and tax liens. That access typically requires a fee, however, which has always been a barrier to the casual snooper...But ZabaSearch makes it easier than ever to find comprehensive personal information on anyone.[4]

Visibility

  • Technology can organize, highlight, and take out of context info that's already available online. For example, the New York Times recently reported that Rudy Giuliani's daughter supported Barack Obama on Facebook.[5] After this was reported her profile was taken down. This incident shows that much of the information on the internet is available for anyone to see. ZabaSearch provides people's full name, birth date and address.
    • Facebook news feeds, Address & telephone number look-up
  • Private vs. Public Domains. What happens when these boundaries are blurred? How do you legislate?

Places once thought private are now becoming public. Places once thought public are now global. On many internet sites, the default is set for the least privacy. Given the increase in accessibility to information and the decrease in privacy are there effective ways to legislate privacy rights? Legal experts provide solutions are available under the subheading 'What the Experts Think'

  • Control over posting to the web - (offline to online)

(SSN being posted online as local government put (always) public records online, Google Street View, Posting and naming someone's picture on a MySpace page)

Control over reproduction/duplication

  • SUMMARY: This is a tricky issue arising from the internet. Previously thought private information is now becoming public. The following are examples of people's picture/video taken without their permission and circulated throughout the internet. While in the first example the victim is not in the wrong, whereas in the other two people genuinely did immoral acts, nevertheless the issue arises: Does a person control a right to reproduction/duplication of their body and actions from the internet? As of yet, no solution has been found that does grant full autonomy to the individual.
  • The Washington Post recently reported a story about Allison Stokke, whose picture was taken at a public venue and then circulated around the internet without her consent. The issue that arises is simple: Does she have a right to protect herself from unauthorized duplication of pictures of her? Currently, U.S. laws do not protect her.
  • In 2006 on a bus heading to Hong Kong, a dispute occurred on the bus involving two men. The altercation was filmed by another passenger's cell phone and posted on the internet. The video became the most popular on the internet in May 2006.[6] The incident became known as "bus uncle".
  • Then there's the story of Dog Poop Girl whose dog threw up on a subway car. She did not clean it up. A fellow passenger took her picture and posted it online asking for people to identify her. The Washington Post reports that "humiliated in public and indelibly marked, the woman reportedly quit her university."
    • The Dog Poop Girl case "involves a norm that most people would seemingly agree to -- clean up after your dog," wrote Daniel J. Solove, a George Washington University law professor who specializes in privacy issues, on one blog. "But having a permanent record of one's norm violations is upping the sanction to a whole new level . . . allowing bloggers to act as a cyber-posse, tracking down norm violators and branding them with digital scarlet letters."[7]

Protection against whom?

Privacy protection can be broken down to include protection from:

  • a) Government: U.S. Privacy laws focus on protecting individual citizens from infringement by the government.
  • b) Service Providers (Google, Facebook, ISP, etc) are not specifically regulated by U.S law on issues such as : right to keep info, distribute, sell, etc.
  • c) Schools, teachers, etc - what kind of rights do students have?
  • d) Employers, neighbors, health insurers, etc.

EU Privacy Law

In March 2006, the European Commission passed the European Data Retention Directive. This directive legally requires all Internet and telephone service providers in the EU to retain records of communication data for up to 2 years. While communication service providers are _not_ allowed to retain records of the _content_ of communications, virtually all other data about the communications is required to be collected and stored, to be turned over to the authorities upon request.

The data required to be collected, at each instance of communication, is as follows:

For telephone communications (both mobile and stationary):

  • The telephone number, name, and address of registered user(s) of both call or sms initiator and call or sms recipient.
  • The date, start time, and end time of the communication.
  • Data identifying the type of communication service used (eg. phone call, sms, video message).
  • The geographical location of both parties in the entire duration of the communication.
  • Data identifying user's communication equipment

For Internet communications (including Internet access, e-mail, and Internet telephony):

  • The userID (unique ISP provided ID), telephone number (if dial-up), name and address of registered user of both the internet communication initiator and recipient.
  • The date and time of log-in and log-off to Internet access service, IP address, whether dynamic or static, user ID, date and time of the log-in and log-off of e-mail or VoIP service of both parties.
  • Data identifying the type of communication service used (eg. site access, Sype, AIM).
  • The phone number for dial-up access; the digital subscriber line (DSL) or other end point of the originator of the communication.

U.S. Privacy Law

Court Cases on Privacy

and

History of U.S. Privacy Laws

Divergence of U.S. and European Privacy Laws

Origins

  • Warren and Brandeis did not write on a nearly blank slate when they crafted their “right to privacy.” Instead of developing and expanding the robust law of confidentiality that already existed, Warren and Brandeis took American privacy law down a different path. [8]
    • Before the Warren and Brandeis article, English and American privacy law were on a similar trajectory, being built out of the same materials and concepts. American judges read English precedent and attempted to situate their rulings within the fabric of the common law. Afterwards, the paths diverged. The path Warren and Brandeis charted for American privacy law was not that of developing the law of confidentiality. [9]
    • Instead of creating a law of privacy, however, England developed a law of confidentiality, which was explicitly distinguished from privacy. Ironically, both the American law of privacy and the English law of confidentiality emerged from the same source – the Prince Albert case.[10]

European Privacy Law?

    • According to past EU laws precedents, new laws regarding, say, someone posting embarrassing photos of another on Flickr would be illegal, as it is an invasion of privacy and offends one's dignity. It would not, however, offend liberty (and it seems that such liberty arguments are largely moot anyways with the introduction of the Patriot Act, which gives the government incredible access to our private information, and hence our liberty).

Avner Levin and Mary Jo Nicholson's definition of Canadian Privacy Law:

  • " ...the right to control access to one’s person and information about one’s self. The right to privacy means that individuals get to decide what and how much information to give up, to whom it is given, and for what uses....A multicultural society does not attempt to impose on its members values, which some elements in it may very well hold dear—such as dignity or liberty—but encourages the development of these values autonomously, within a multicultural framework. Canadians, it seems, perceive their privacy as most importantly protecting this autonomy, and believe that members of society should be free to decide for themselves what is important for them to control" (Levin, Avner and Nicholson, Mary Jo, "Privacy Law in the United States, the EU and Canada: The Allure of the Middle Ground" . University of Ottawa Law & Technology Journal, Vol. 2, No. 2, pp. 357-395, 2005 Available at SSRN: http://ssrn.com/abstract=894079).

Problems with American Privacy Law

  • "Americans want their government to let them interact freely with one another and to not intervene." But this is changing: "As e-mails, modems, and PCs break down the boundaries between work and home, there are progressively fewer private or public spaces for citizens to express themselves autonomously. The Internet has blurred the distinction between the home and the office, as Americans are spending more time at the office and are using company-owned computers and Internet servers to do their work from home. But as technology poses new challenges to geographic concepts of privacy, courts have not been encouraged to think creatively about how to reconstruct zones of individual privacy and free expression." (Levin, Avner and Nicholson, Mary Jo, "Privacy Law in the United States, the EU and Canada: The Allure of the Middle Ground" . University of Ottawa Law & Technology Journal, Vol. 2, No. 2, pp. 357-395, 2005 Available at SSRN: http://ssrn.com/abstract=894079)
  • More broadly, since American privacy law often remains focused around individualistic conceptions of privacy, it has not fully embraced protecting confidentiality in relationships. In many other contexts, such as trade secrets and business confidences, American law readily provides remedies against unwarranted breaches of trust. But in the domain of privacy, American law has not progressed nearly as far as English law in recognizing and protecting trust in relationships. An increased recognition of a confidentiality-based conception of privacy might also have significant implications in other areas of American privacy law that developed under the influence of Warren and Brandeis. [11] (Richards, Neil M. and Solove, Daniel J., "Privacy's Other Path: Recovering the Law of Confidentiality" . Georgetown Law Journal, 2007 Available at SSRN: http://ssrn.com/abstract=969495)

Generational Differences in Attitudes about Privacy

What the Experts Think

  1. Jonathan Zittrain believes U.S. digital privacy law should be in the spirit of Chapman v. United States. In this case, a police search of a rented house for a whiskey still was found to be a violation of the Fourth Amendment rights of the tenant, despite the fact that the landlord had consented to the search. The Court refused to find that the right against intrusion was held only by the absentee owner of the place intruded — rather, it was held by the person who actually lived and kept his effects there.
  2. Jisuk Woo believes that the right not to be identified should be the most important concept that privacy consists of on the internet. By not being identified, he hopes that individuals can protect themselves from the potential risk and threat of surveillance of their activities. He believes that the modern concept of privacy has set as its main goal freedom from the government, and although citizens may be concerned about internet privacy, they willingly give up their privacy for consumer convenience and other monetary benefits. Therefore, policy measures for network privacy should focus on ensuring individual users’ search for anonymity by recognizing the right to be silent about their identities and the right to disguise their identities rather than providing restrictions on easily identifiable external forces and institutions. Woo
  3. Avner Levin and Mary Jo Nicholson write that in Canada, privacy protection is focused on individual autonomy through personal control of information. Therefore, they propose the Canadian model as a conceptual middle ground between the EU and the US, as a basis for future American privacy protection. They find U.S. privacy protection to be primarily motivated by the protection of liberty; In the EU, the protection of privacy is mainly the protection of one’s dignity. Canadians occupy the middle ground between the EU and the US, sharing American concerns about “Big Brother” government, while also having deep concerns about private sector abuse of their personal information. As a result, they find that Canadians identify privacy with a sense of control that enables them as individuals to set limits upon both the public and the private sector. Levin and Nicholson
  4. Wendy Seltzer
  5. Richards and Solove's (Privacy's Other Path: Recovering the Law of Confidentiality) explore how and why privacy law developed so differently in America and England. They trace the diverging paths as a result of Samuel Warren and Louis Brandeis' The Right to Privacy as well as William Prosser's Privacy.
  6. Alessandro Acquisti says “by generating incentives to handle personal information in a new way, appropriate legal intervention can allow the growth of the market for third parties providing solutions that anonymize off-line information but make it possible to share on-line profiles. By designing the appropriate liabilities, that intervention can also fight the tendency of “trust-me” or self-regulatory solutions to fail under pressure. If privacy is a holistic concept (Scoglio, 1998), only a holistic approach can provide its adequate protection: economic tools to identify the areas of information to share and those to protect; law to signal the directions the market should thereby take; and technology to make those directions viable” (http://www.heinz.cmu.edu/~acquisti/papers/acquisti_eis_refs.pdf)
  7. Viktor Mayer-Schoenberger says that “Only privacy statutes covering both the private and the public sector and encompassing all stages of the use of personal information - from collection and processing to retention and transferal - are seen as capable of containing and mitigating the danger to our privacy. So-called omnibus data protection is often bolstered with stringent auditing and enforcement procedures. The result is complex legal regimes that private and public sector users of personal information have to comply with in many industrial and post-industrial nations around the world, from Canada, Argentina and Chile to Hong Kong to Australia and New Zealand such legislation has been enacted, partially in response to public fears of large scale data collection and retention; in Europe, the European Union (EU) Data Protection Directive, passed in 1995, obligates all twenty-seven member nations of the EU to pass stringent omnibus privacy laws. In nations where such comprehensive data protection regimes are still absent, like the United States, privacy advocates hope that media reports and general citizen unease over the threat to information privacy ultimately produce the ferment for political and legislative action. At the same token, such a response is fraught with two substantial problems: political inertia due to collective action hurdles and potential structural overreach combined with limited actual impact. (http://ksgnotes1.harvard.edu/Research/wpaper.nsf/rwp/RWP07-022/$File/rwp_07_022_mayer-schoenberger.pdf Mayer-Schoenberger)

Problems

  • Choosing between providing one’s personal information and giving up the information and services that an individual wants from the network is particularly difficult in the current technological environment because, in many cases, it is not known what will happen to the personal information once it is out on the network. [12]
  • In early September 2006, Jason Fortuny, a Seattle-area graphic designer and network administrator, posed as a woman and posted an ad to Craigslist Seattle seeking a casual sexual encounter with area men. On September 4, he posted to the internet all 178 of the responses, complete with photographs and personal contact details, describing this as the Cragslist Experiment and encouraging others to further identify the respondents. Fortuny Incident

Solutions

Proposed Solutions

Avner Levin and Mary Jo Nicholson as well as Viktor Mayer-Schoenberger advocate for U.S. legislation to protect citizens from the public and private sectors. Levin and Nicholson propose the Canadian privacy laws as the paradigm—as they are the middle ground between EU and U.S. laws. Levin and Nicholson’s proposal is that Canadian laws share American concerns about “Big Brother” government yet also address European concerns about private sector abuse of personal information.

  • Potential Problems:
    • Congress would need to pass legislation against the wishes of private-interests (private companies that retain personal information, Google, Yahoo, etc.). Thus, this could be difficult to pass.
  • Potential Benefits:
    • Seems the best way of protecting individual’s privacy rights.

Jisuk Woo and Jonathan Zittrain (in his forthcoming book) argue that the right not to be identified should be the most important privacy issue on the internet. Woo proposes policy measures that ensure anonymity for individual users’.

  • Potential Problems:
    • Appears to contradict United States v. Zeigler
      • Issue: Does individual have right to privacy if committing illegal activities on public domain? (ie company computer, company wireless, etc.)
  • Potential Benefits:
    • Seemingly the closest to Warren and Brandeis concept of “the right to be let alone.”
    • In the spirit of State of New Jersey v. Shirley Reid

Alessandro Acquisti proposes economic incentives through third parties handling of personal information.

  • Potential Problems:
    • Market forces can be structurally flawed. Thus, this could potentially lead to money-making schemes at the expense of individual privacy.
  • Potential Benefits:
    • Presumably easier and quicker to pass into law (than Levin and Nicholson’s proposal) because less adverse effect on influential special-interest groups.
    • Sometimes the market is the most efficient option.

Synthesis: These solutions are not necessarily incompatible. That is, if there is a way of combining the ideal of the Canadian model with Zittrain’s belief that “U.S. digital privacy law should be in the spirit of Chapman v. United States” and also incorporate economic incentives for this to happen—that may be the answer.

Recent Court Cases Illustrating Views on Digital Privacy

  • In United States v. Simons, the ruling was that employees do not have a reasonable expectation of privacy when it comes to their work related electronic communications
  • In United States v. Gourde, 440 F.3d 1065, 1077 (9th Cir. 2006) it was found that "for most people, their computers are their most private spaces"
  • In 2007, United States v. Zeigler. In this case, an employee had accessed child pornography websites from his workplace computer. His employer noticed his activities, made copies of the hard drive, and gave the FBI the employee's computer. At his criminal trial, Ziegler filed a motion to suppress the evidence because he argued that the government violated his Fourth Amendment rights. The Ninth Circuit allowed the lower court to admit the child pornography evidence. After reviewing relevant Supreme Court opinions on a reasonable expectation of privacy, the Court acknowledged that Ziegler had a reasonable expectation of privacy at his office and on his computer, however, the court found that: "In this context, Ziegler could not reasonably have expected that the computer was his personal property, free from any type of control by his employer. The contents of his hard drive, like the files in Mancusi, 392 U.S. at 369, were work-related items that contained business information and which were provided to, or created by, the employee in the context of the business relationship. Ziegler’s downloading of personal items to the computer did not destroy the employer’s common authority. Ortega, 480 U.S. at 716. Thus...the employer, could consent to a search of the office and the computer that it provided to Ziegler for his work"
  • In 2007, State of New Jersey v. Shirley Reid. In the case, prosecutors asserted that Shirley Reid broke into her employer’s computer system and changed its shipping address and password for suppliers. The police discovered her identity after getting a subpoena to the internet provider, Comcast Internet Service. The lower court suppressed information from the internet service provider that linked Reid with the crime. The New Jersey appellate court agreed with this decision. As a result, New Jersey offers greater privacy rights to computer users than most federal courts. Although this case does not directly discuss the Fourth amendment, it illustrates that some states are providing more privacy protection to computer users than the federal courts. It also illustrates that case law on privacy in workplace computers is still evolving.

Summary of These Decisions and U.S Privacy Laws

Americans are skeptical of having the government have their information but OK having business handle it [13]. That is, in the US privacy protection is essentially liberty protection, i.e. protection from government [14]. Moreover, American privacy law has never fully embraced privacy within relationships; it typically views information exposed to others as no longer private.[15] This is not that surprising since U.S. Privacy law historically focused on protecting the liberty of each individual citizen from the government. For a more complete list of the history of U.S. Privacy law, please visit :


Court Cases on Privacy

and

History of U.S. Privacy Laws

Relevant Research and Articles

Useful Void: The Art of Forgetting in the Age of Ubiquitous Computing (Mayer-Schoenberger, 2007)

How Many Ways You're Being Watched, USA Today (2007)

Enjoying Technologies Conveniences But Not Escaping Its Watchful Eyes, Washington Post (2007)

Mediating the public/private boundary at home : children’s use of the internet for privacy and participation (S. Livingstone, 2005)

Your Identity, Open to All (Wired News, 2005)

Why Web 2.0 will end your privacy (Bit Tech, 2006)

Strong privacy laws may explain data security in Europe (Intl. Herald Tribune, 2005)

OnGuardOnline - provides tips from the federal government and the technology industry on Internet fraud, securing your computer, and protecting your personal information.

COPPA - Children's Online Privacy Protection Act

Imagined Communities: Awareness, Information Sharing, and Privacy on the Facebook (Acquisti and Gross, 2006).

Privacy International, A Race to the Bottom: Privacy Ranking of Internet Service Companies June 9, 2007.

BBC News: Google Calls for Global Web Privacy Laws, 09.14.07.

U.S. Privacy Articles

Digital Millenium Copyright Act of 1998

Software lets parents monitor kids' calls

A privacy paradox: Social networking in the United States (Barnes, 2006)

Your first girlfriend -- and the other things search engines store about you

AOL Proudly Releases Massive Amounts of User Search Data, TechCrunch, 2006

Say what? Nevada judge loses post over MySpace 'bias against prosecutors' (August 2007)

European Privacy

Relevant Legislation

EU Data Retention Directive, Article 5,6,10

EU Directive on Privacy and Electronic Communications, Article 4,5,6,9,12

Council of Europe Convention for the Protection of Human Rights and Fundamental Freedoms, Article 8,10

Resources and Articles

Digital Civil Rights in Europe

European Data Protection Supervisor

Data Protection

Legislation

French State Council allows tracing P2P users

The European Parliament voted for stronger data protection

Europe votes to restrict police data sharing

Google may use games to analyse net users

Minister of the Interior renews call for legal online PC search option

German government admits it is already conducting online searches

Google hostile to privacy

ICT lobby says Dutch law protects privacy rights in RFID applications

Privacy in US v. Europe: Comparing conceptions and legislation

‘La difference’ is stark in EU, U.S. privacy laws

Internet privacy law: a comparison between the United States and the European Union

Privacy Law in the United States, the EU and Canada: The Allure of the Middle Ground

N. Richards & D. Solove, PRIVACY’S OTHER PATH: RECOVERING THE LAW OF CONFIDENTIALITY (A comparison of English and American privacy law)

Suddenly, the Paranoids Don't Seem So Paranoid Anymore, Wired, June 2007

Strong privacy laws may explain data security in Europe, The New York Times', August 2005