Apple Drops Legal Threat Against Web

Apple dropped its threat of a lawsuit against BluWiki, a Web site that hosted discussions about how to use iPods and iPhones without the company’s iTunes computer software.¹²⁹ Apple said in a July 8 letter to BluWiki’s attorneys at the Electronic Frontier Foundation (EFF) that it would not pursue a lawsuit because it no longer uses the software code that was mentioned on the Web site, therefore the code “is no longer of any harm or benefit to anyone.”¹³⁰ Apple had original alleged the BluWiki violated anti-circumvention measures of the Digital Millennium Copyright Act, 17 U.S.C. § 1201.

EFF lawyer Fred von Lohmann believes Apple did not have a credible claim under the statute. “Apple’s threats were clearly designed to censor pure speech – there was no software there, there were no tools, there were no hacking devices – this was just people talking,” he said. “Apple was well beyond the statute when it made these threats, and apparently they think so now too.”¹³¹ After Apple dropped its threat, EFF and OdioWorks, the company that runs BluWiki, dropped their lawsuit against Apple that sought a declaratory judgment vindicating the free speech interests of BluWiki and its users.¹³²

III. GOVERNMENT AND PRIVATE SECTOR SURVEILLANCE AND DATA MANAGEMENT
A. Unclassified Report on U.S. Wiretapping
A government review of the Bush administration’s wiretapping program raised questions about its legality and found that its effectiveness in fighting terrorism was unclear. Congress mandated the report last year, which was produced by the inspectors general of five federal agencies and released to the public on July 10, 2009.¹³³

The report does not describe specific intelligence activities other than to refer to the “Terrorist Surveillance Program.” The administration acknowledged in December 2005 that this program included the interception without a court order of some international communications in which there was “a reasonable basis” to believe that at least one party was a member of al-Qaida or its affiliates. The program was implemented following the attacks of Sept. 11, 2001.

The report was the result of about 200 interviews with government and private sector personnel, most of whom were former or current senior government officials. Many key figures in the surveillance program – former Attorney General John Ashcroft, Central Intelligence Agency director George Tenet and deputy assistant attorney general John Yoo – either declined to be interviewed or did not respond to interview requests.

1. Critical of Reauthorization Memos

The report criticized John Yoo, the deputy assistant attorney general who was granted access to the surveillance program and wrote what are known as “scary memos” that justified the administration in reauthorization the program every 45 days. Department of Justice (DOJ) officials doubted the “factual and legal basis” for Yoo’s memos because he incorrectly interpreted the Foreign Intelligence Surveillance Act of 1978 (FISA) as inapplicable to wartime operations, according to the report. DOJ officials pointed out that Yoo failed to analyze a FISA provision¹³⁴ that allows the interception of electronic communications for 15 days following a congressional declaration of war, meaning it is possible Congress intended FISA to apply to wartime.

Yoo characterized FISA as providing a “safe harbor for electronic surveillance” and that the Fourth Amendment provides the appropriate test for whether the government may carry out warrantless electronic surveillance, the report said. Yoo responded to the unclassified report in a July 16 op-ed in The Wall Street Journal in which he labeled FISA “an obsolete law not written with live war with an international terrorist organization in mind.”¹³⁵ Yoo accused the five inspectors general of “responding to the media-stoked politics of recrimination, not consulting the long history of American presidents who have lived up to their duty in times of crisis.”

Jay Bybee, Yoo’s boss at the time, told investigators he did not know that Yoo had worked on the surveillance program, the report said. Some senior DOJ officials criticized the unusual practice of having one attorney write a memo for the program when the office traditionally has multiple attorneys review all legal analysis the office issues. The DOJ found that limiting the number of personnel who had direct knowledge of the program created several problems, including preventing the DOJ from “adequately reviewing the program’s legality during the earliest phase of its operation.”

The plaintiffs argued that by amending FISA to grant the companies immunity, the government stripped them of any forum for their dispute to be heard. However, Vaughn found that the plaintiffs can still seek action against “governmental actors and entities who are, after all, the primary actors in the alleged wiretapping activities.”¹³⁸ Walker’s ruling did not apply to a handful of cases and he scheduled a Sept. 1, 2009, hearing to listen to arguments from the Al-Haramain Islamic Foundation, an Oregon non-profit corporation, about the merits of its suit against the government over the warrantless wiretapping program.¹³⁹

On Aug. 20, 2009, Southern District of New York Judge John G. Koeltl dismissed the lawsuit because he determined that the plaintiffs lacked standing to attack the FISA Amendments Act as unconstitutional.¹⁴² “The plaintiffs fear that their international communications will be monitored under the [Act]. They make no claim that their communications have yet been monitored, and they make no allegation or showing that the surveillance of their communications has been authorized or that the Government has sought approval for such surveillance,” Koeltl wrote in his order dismissing the lawsuit.¹⁴³ Koeltl noted that the FISA Amendments Act itself “does not authorize surveillance of the plaintiffs’ communications.”¹⁴⁴

The uncertainty of precisely what information government intelligence agencies and law enforcement are legally allowed to collect continues to bother some privacy advocates. “For example, right now it is perfectly legal, without any question, for the government to collect every telephone call, every e-mail, every communication in the world – as long as it can claim credibly that some part of the communication involves a person outside of the United States,” said Fred Cate, the director of the Center for Applied Cybersecurity Research at Indiana University.¹⁴⁵

Palantir Technologies, a Silicon Valley company, claims it has developed technology that tracks the personal information and communications these entities collect so that it eliminates the problem of choosing between fighting terrorism and protecting civil liberties. The system works by tagging certain information “so the only people who can see it are those who are allowed to see it, so it takes care of the problem,” Palantir CEO Alex Karp told National Public Radio.¹⁴⁶

As an example of how the technology can safeguard one’s privacy, Palantir executives pointed to an incident in Massachusetts in which law enforcement personnel searched for information on New England Patriots quarterback Tom Brady 968 times, looking for such things as his home address, driver’s license photo and whether he owned a gun.¹⁴⁷ Bob McGrew, director of engineering for Palantir, claims law enforcement would not have been able to carry out the search surreptitiously if they were using Palantir’s system because of its privacy control. “When some of these officials were looking at Tom Brady’s data, they would be leaving a trail. It is all captured in a long that you don’t need to be a technical guy to understand,” McGrew told NPR. “A compliance officer or a civil liberties group would be able to see exactly who was looking at what information.”

The Federal Bureau of Investigation, Central Intelligence Agency, Defense Department and New York Police Department have started using Palantir’s technology to analyze their intelligence data, according to the NPR report.
D. Google Street View Seen as Privacy Threat
Google Street View has raised privacy concerns, particularly in Europe where Google has to navigate numerous data protection agencies in countries that view privacy as a fundamental human right. Street View has been criticized because of the danger that the offshoot of the Internet search engine will post unflattering images of passersby or facilitate crime by allowing would-be criminals an advance look at a neighborhood. Introduced in May 2007, Street View is part of Google Maps and permits users to see and navigate within 360-degree street level images of a number of areas throughout the world, primarily in densely populated areas. Google obtained the images by using drivers who traversed the city streets in vehicles equipped with continuously filming digital panoramic cameras.
1. Privacy Safeguards in Place
In order to safeguard privacy, Google blurs faces and license plate numbers captured in the images and includes an option for those who object to the content of an image to have it removed from Street View. Once a user is on the offending image within Street View, users can click on the “Report a problem” link in the lower left portion of the page. That takes users to a screen that asks for the nature of the concern. Under the privacy category, users can request that images of their face (or that of their children) be removed along with pictures of their homes or automobiles. This includes images that have already been blurred. Users can also request that pictures of faces and license plates be blurred. The page includes space to describe the nature of the problem and an image tool to focus on the specific part of the picture that is the source of the complaint.
2. Street View in Europe
Street View has received the most scrutiny in Europe, where Google has been temporarily banned from collecting images in some countries or threatened with sanctions if it did not comply with privacy laws. However, the criticism appears to be subsiding after Google pledged to apply the same privacy protection standards in Europe that it uses with Street View in the United States. In addition, Google has coordinated with the Article 29 Working Party, which represents 27 European data protection authorities, to extend additional privacy safeguards.

Those measures, according to Peter Fleischer, Google’s global privacy counsel, include providing advance public notice about when and where Google will be capturing images and taking steps to avoid holding onto the “unblurred” original images any longer than is needed. Fleischer explained in a blog post that Google is still perfecting its technology to avoid “false positives,” or blurring portions of images that pose no privacy threat, but that the company is committed “to determine the shortest retention period that also allows for legitimate use under EU laws.”¹⁴⁸

The Information Commissioner’s Office, the main privacy watchdog in the United Kingdom, concluded that Street View does not violate the UK’s Data Protection Act of 2008 as long as Google blurs faces and license plate numbers. David Evans, senior data protection practice manager for ICO, likened the images used on Street View to those of people walking past reporters on television, images taken “without their consent, but perfectly legally.”¹⁴⁹ Evans also said that “it is not in the public interest to turn the digital clock back. In a world where many people tweet, facebook and blog it is important to take a common sense approach towards Street View and the relatively limited privacy intrusion it may cause.”¹⁵⁰

Google has had its share of run-ins with collecting Street View images. In May 2009, the Data Protection Authority in Greece blocked Google from capturing images in the country until it provided clarification on its measures to protect privacy, including how long it stores images.¹⁵¹ In Germany, the country’s highest ranking data official threatened sanctions against Google if it did not alter its practices to conform to German privacy laws, which prohibits the dissemination of photos of people or their property without their consent.¹⁵² In response, Google agreed to erase the raw images of faces, house numbers and license plates after they have been processed.¹⁵³

In addition to Google’s standard policy of blurring faces, Google also vowed to retain the original, unblurred images no longer than is needed to adjust its software that recognizes and automatically blurs sensitive components of images. Jacob Glick, Google Canada’s privacy counsel, said he is confident that Street View was legally compliant and that it would not launch otherwise. As of June 2009, Google was collecting images in 32 Canadian towns. The company had yet to release a planned release date for Street View in Canada.¹⁵⁶

Street View has been credited for helping lead police to arrest twin brothers who were robbery suspects in the Netherlands.¹⁵⁷ In September 2008, a 14-year-old boy told police that he had been robbed of about $230 and his cell phone after two men dragged him off of his bicycle in Groningen, about 110 miles north of Amsterdam. The boy notified police again in March when he saw an image of himself and two men he believed were his attackers on Street View. Police had to send a formal request to Google for the original photo since the faces on Street View were blurred. When police received the original photo, the robbery squad recognized one of the twins and arrested both brothers.

The plaintiffs, Aaron and Christine Boring, lived on a private road north of Pittsburgh and they filed suit when they discovered photos of their residence, outbuildings and swimming pool had been included on Street View. The Borings argued that the road on which they live is unpaved and clearly marked with “Private Road” and “No Trespassing” signs. The couple alleged Google invaded their privacy by taking the photos from their driveway at a point past the signs and then making the photos available to the public.

The court examined the invasion of privacy claim on grounds of intrusion upon seclusion and publicity given to private life. The court found the plaintiffs did not meet the stringent standard under Pennsylvania law of showing that the intrusion was highly offensive and could be expected to cause “mental suffering, shame, or humiliation to a person of ordinary sensibilities.”¹⁵⁸ The Borings did not dispute that they failed to use the available option to have the photos of their property removed from “Street View.” The court noted that the couple had done nothing to restrict access to the images, such as filing the lawsuit under seal. Instead, the suit generated publicity that resulted in even wider dissemination of the Borings’ names and location, leading to re-publication of the Street View images. The opinion mentioned that courts are not frequently asked to consider invasion of privacy claims based on virtual mapping.


E. RFIDs Can Be Tracked
Some privacy groups fear that that the growth of government-issued IDs embedded with radio frequency identification, or RFID tags, could allow the movements of people to be tracked without their knowledge. RFID technology uses radio waves to identify people or objects by reading information contained in a wireless device or “tag” from a distance without making any physical contact or requiring a line of sight.

Government officials assert that the tags will help speed border crossings, protect against counterfeiters and keep terrorists out of the country. However, there is a danger that the unique serial number in each tag could be intercepted while being transmitted. In February 2009, Chris Paget, a self-described “ethical hacker,” used a Motorola reader he bought on eBay to scan the unique serial numbers of several people while driving through San Francisco. “It really does facilitate very wide scale and very long range tracking of people,” Paget said of the RFID tags in a video of his tracking activity that appeared on YouTube.¹⁵⁹