Friday, December 4, 2009

EFF, Samuelson Clinic File Lawsuit Against Six Government Agencies Regarding Use of Social Networking Sites

The news I want to discuss today is about The Electronic Frontier Foundation (EFF) and the Samuelson Law, Technology, and Public Policy Clinic at the University of California, Berkeley, School of Law filing a lawsuit on Tuesday against six government agencies in order to force the disclosure of policies governing the use of social networking sites for investigations, data-collection, and surveillance.

As some might remember, EFF and the Samuelson Clinic have also recently launched a Google Book Search privacy campaign (along with the ACLU) to alert the public about the approaching launch of the corporate juggernaut's entrance into the "library business" (my term).

One thing is certain, with the explosion in popularity of social networking sites like Facebook (and that's to say nothing of company's like Google and the array of privacy challenges many of its products represent), the ability to protect ones personal privacy has become increasingly challenging. As I have asserted here in the past, it goes without saying that tools like Facebook reveal a considerable amount of information about a user's lifestyle, interests, and goals.

Depending on the user's settings, co-workers, employers, and certain family members could have access to information about the user that may be better left unknown. Recent Facebook flaps highlights growing concerns about the increasingly sophisticated technologies used to track online activities in an effort to more precisely target advertising.

But my focus today, as I discussed on Wednesday with the news that law enforcement made 8 million requests to Sprint alone for customer GPS data information, is the government's efforts to access our private information and how these companies may or may not be responding to such requests and why?

Online companies regularly receive demands for personal information about their users—with little to no judicial oversight.

AS Nicole Ozer of the ACLU detailed in a recent article on the California Progress Report when discussing her organizations new DotRights campaign:

Facebook reportedly receives up to 100 demands each week seeking information about its users. AOL reportedly receives 1,000 demands a month. In 2006, a U.S. Attorney demanded book purchase records of 24,000 customers. (In a show of loyalty to users, the company successfully fought back against the subpoena.)

Other companies, like Google, don't make public how often information about their users is demanded or disclosed. No one should be forced to choose between using the Internet and keeping their personal information from being misused. We shouldn't have to pay for these seemingly free online services with personal details about our lives.

Consumers clearly want more control over personal information, so it's good business for companies to join consumers in demanding a privacy upgrade. A 2009 national telephone survey conducted by the University of California, Berkeley, and University of Pennsylvania revealed that 92% of American adults believe they should retain the right to delete their information from a site, and 69% feel there should be a law that gives people the right to know everything that a website knows about them.

So with that context now to consider, let's get to the lawsuit by EFF and the Samuelson clinic, which by the way, follows over a dozen Freedom of Information Act (FOIA) requests seeking this information from the Department of Defense, the Department of Homeland Security, the Department of Justice, the Department of Treasury, the Central Intelligence Agency, the Office of the Director of National Intelligence, and other agencies.

As you may have guess, these went largely unanswered.

Computerworld reports:

Shane Witnov, a law student at UC Berkeley School of Law's Samuelson Law, Technology and Public Policy Clinic said the lawsuit was prompted by the need for more transparency around the government's use of social networking sites for information gathering purposes.

"Social networking Web sites can be invaluable sources of information. There is a wealth of information on there that can be really useful in crime protection," he said. At the same time, an unchecked ability to gather information from such sites could be invasive of privacy, he said. The eight-page complaint lists several media reports about law enforcement's use of social sites for surveillance purposes. One of the reports includes an Associated Press story about police searching Facebook photos for evidence of underage drinking and watching YouTube videos to identify suspected rioters.


"Although the Federal Government clearly uses social-networking websites to collect information, often for laudable reasons, it has not clarified the scope of its use of social-networking websites or disclosed what restrictions and oversight is in place to prevent abuse," the lawsuit said.

For instance, there is no information on how such searches are conducted, or whether they involve specific targets or are broader in scope, Witnov said. "We don't know if they are searching for the top twenty most wanted criminals or are just scanning," such sites he said. Similarly there is no information on whether such searches are being enabled by automated information gathering and data visualization tools.

One of the articles talks about the Secret Service immediately spotting the opening of social network account by a fugitive. The fact that it was "immediately spotted" is interesting, Witnov said. "That phrasing might mean nothing, or it might suggest they spotted it immediately because they had a software program constantly monitoring or looking for certain people. We would certainly like to know the answer to that," he said.

Click here to read the article in its entirety.

Now these are some questions I would LOVE to get the answer to, like just what are the federal guidelines on the use of social-networking sites? What are, if any, the manuals or materials that are used to guide government authorities when they decide to make a request about accessing say, an individual's Facebook page? Similarly, what kind of tools are these government agencies using to gather this data (like how did they know a "criminal" had JUST opened a Facebook page?)?

This lawsuit strikes at the heart of all kinds of fundamental constitutional issues and questions we must begin to address and debate. Who owns OUR data? What does it take for "authorities" to access that data? What criteria are these companies using to decide whether to give up our information or not?

Cheers, once again, to EFF and the Samuelson Clinic for their tireless work. And a reminder to everyone to check out the ACLU'S DotRights campaign.

No comments: