September 10th, 2014

Apple, Privacy and Law

ApplePayYesterday Apple had its massive product presentation and one of the products it announced was a new pay system for credit cards, Apple Pay. Load the cards into an iPhone, and then just wave them in front of a techno-gadget at the check-out counter and you’re done. Simple.

Why might this be important? Currently, big business is tripping all over itself to gather as much information on you as possible, taking away big chunks of your privacy.

A 2012 New York Times piece on Target explained how, based on the buying patterns of a teenager — unscented lotions, vitamin supplements and other non-pregnancy related products — it knew she was pregnant early on and sent coupons for maternity clothes to her home. Her father was livid. And unaware of his daughter’s state.

Target is obviously not alone in doing everything possible to create massive data banks about you. Data banks that, perhaps, can then be hacked into (or subpoenaed).

Personally, I find myself using cash more and more often, as I cherish my privacy.

But Apple Pay may reverse that direction. According to CEO Tim Cook, the iPhone encrypts the card numbers, and when you make a purchase, the store can’t attach product information to your purchase.

That’s because the store doesn’t even get your name, much less your card number. Hacking the store’s computers should keep the consumer safe (again, see Target, and its loss of 40M credit card numbers).

And even Apple doesn’t get the information. From the Apple website, two key paragraphs:

Apple doesn’t save your transaction information.With Apple Pay, your payments are private. Apple doesn’t store the details of your transactions so they can’t be tied back to you. Your most recent purchases are kept in Passbook for your convenience, but that’s as far as it goes.

Keep your cards in your wallet. Since you don’t have to show your credit or debit card, you never reveal your name, card number or security code to the cashier when you pay in store. This additional layer of privacy helps ensure that your information stays where it belongs. With you.

If this works as planned, it has the potential to (partially) reverse our headlong dumping of personal information about ourselves into the computers of Big Business, both with respect to the items we buy as well as the cards we use.

The less data that exists in the data banks, the less it can be abused.


June 19th, 2014

Amazon’s New Phone, Marketing and Lawyering

AmazonBezosPhoneSo introduced a new phone yesterday. And what does it do? It allows you to point it at some knick-knack you might want to buy and Amazon tells you how much you can buy it for from them.

What is really does, of course, is give yet more information to Amazon and its partners as to your every thought, whim and desire. What does it do for the consumer? Not so much. You can already go to their website, after all, and see what they have.

Here is the problem, which should have been obvious, if it wasn’t already with the big scandal over Edward Snowden and the NSA spying on us: People hate to be spied on.

Google, which started out with a mantra of “Don’t be evil” loves to collect information on you. So too does LinkedIn, which seems to like snooping through your contacts, then using those names to send out spam.

Lawyers should learn from this: Because this is everything you should not do.

Lawyers provide a service; our clients are our mission. When retained, we are supposed to do the job we were hired to do as diligently as possible, not use it as an excuse to find yet more clients. The client comes first.

We’ve seen a few examples in the past, of course. One example was a Chicago criminal defense lawyer using his potential retention by Lindsay Lohan as an excuse to give a press interview. We’ve seen it also with lawyers that place stupid ad damnum clauses in Complaints hoping that they can get their names in the paper.

Except it isn’t about the lawyer. It’s about the client.

So watch Amazon and Google and LinkedIn and learn from them about the stuff you should not be doing.


August 7th, 2013

Can New Protective Order Law Be Used for Facebook Demands?

Facebook-logoThe New York Law Journal has a short article today on an expansion of New York law regarding protective orders from over-reaching discovery (CPLR 3103(a)). Governor Cuomo signed it yesterday.

While it has long been the law that any person from whom discovery is sought may object to a discovery demand, the new amendment now includes objections regarding others who may merely be mentioned in the discovery being sought.

This can, as I’ll explain in a moment, be used to protect against many aspects of Facebook, social media and email demands.

The rationale for the law, however, didn’t have anything to do with Facebook. This is the simple (and quite logical) reasoning from the memo accompanying the bill:

Not addressed [in the current law] is a person about whom records are being subpoenaed from either a party or another nonparty. By way of example, if an accountant is subpoenaed to produce the records of clients who are not parties to the litigation, it is unclear under the present statute whether the non-party clients would have standing to object to the production of their records.

This is easy to understand if an accountant’s records are sought. Just because there may be a lawsuit regarding one aspect of your accountant’s practice, having nothing to do with you, does that mean that your private records should be disclosable? Shouldn’t you at least have standing to object?

The law was proposed by Chief Administrative Judge A. Gail Prudenti and her Advisory Committee on Civil Practice to fill a procedural gap.

But what if Facebook records are sought? These requests are getting more common as the months go by, and I’ve collected a few New York decisions on the matter.

The scenario in which it would come up is easy to foresee: Joe busts his arm in a car collision (not an accident). He writes about it on Facebook. His friends, who have their privacy settings maxed out, respond. Perhaps one of them jokes in a comment or private message, “You been drinking again?”

Are the comments and messages of the friends discoverable? The law here, of course, is not whether those comments may be admissible at trial, but merely discoverable. Can the defense lawyers go on a fishing expedition through the comments and messages of friends and their lives? These friends clearly have an expectation of privacy, as Facebook has explicitly told them so.

It seems to me that this new law can, will, and should, be used to combat over-reaching Facebook demands. Expect to see decisions on this in a year or two.


June 20th, 2013

What Government Data is Public? What is Private?

My last two posts dealt with Freedom of Information requests to state government for data. Both decisions said that governments were allowed to evaluate the release of information based on the reasons for the requests, balancing out the privacy concerns of those whose information was sought.

The  New York decision prohibited the transfer of mugshots and arrest data to a mugshot website (whereupon fees would be charged for their removal), and then a SCOTUS decision came on lawyers’ requests for Department of Motor Vehicle data so that they could solicit people for a class action against auto dealerships.

In other words, some government information can be made public, some remains private, and some is semi-public depending on who does the asking.

Into the comments came a response  from a long-time commenter and mostly-retired software engineer, Old Geezer (a/k/a Tom Cikoski, bio and head shot at the bottom).  I thought it should be elevated to a guest blog, so with his permission, here it is:

In a sense all this talk of public versus private versus private/public versus public/private data becomes mooter by the day. (Mooter?)

The only data that is and typically remains totally private any more is that which has not ever been rendered into electronic form. Any type of data store that is connected to the internet is subject either to innocent revelation (as in “I forgot to PW that folder”) or to deliberate hacking by folks much smarter than the defenders of the data store.

So the particular data store is not internet connected? Well, for those we have individuals called “leakers” these days who take “thumb drives” and trade them, brimming with data, for money, or for publicity.

And to think, Daniel Ellsberg had to stand over a hot copier for hours in order to leak!

It isn’t just ambulance chasers who go after such data, it’s also the pizza parlor down the street that has discovered the putative value of spam email or junk phone calling.

Two years ago we went from land line telephone to VoIP telephone at home. Within months we became the target of multiple daily telemarket and scam calls — so much so that I had to buy a call blocking device to filter them out. Even now, my call blocker, which holds 80 blocked numbers, must be recycled about every six weeks to deal with the new numbers that attack on an almost daily basis.

Don’t even get me started on spam email.

And this all stems from data which, at least in some sense, should be considered private. How do insurance companies know when I reach certain age milestones? They process the DMV data from the state. How do health insurers know my Medicare status? The government supplies everything they need — with a smile.

So, your “private” data is not only subject to public view, but also to public sale as well.

Note that our home number is on the so-called “Do Not Call” list and has been since the beginning. So every one of those annoying phone calls is in some sense illegal. That does not stop the calls. Legality is irrelevant.

And so, great and gallant judiciary, amuse yourselves by fighting that evil data protection windmill. Unless something takes down that mug shot business as a form of extortion, or the ambulance chasing as an ethical violation, the relevant data, IMHO, won’t stop flowing, SCOTUS or not.

old geezer

Tom Cikoski, who considers himself an Old Geezer, is an avid blog reader and sometime blog commenter using that same sobriquet in a variety of fora. Although mostly retired from software engineering, he still consults on IT issues part-time, and also dabbles in film-making, comedy performance, playing drums in a Scottish pipe band, ranting about various topics, and other assorted forms of geezer foolishness.


June 19th, 2013

SCOTUS KOs Lawyers Trying to Use DMV Data To Solicit

Today’s question:  If the government collects information about you, and makes it public to some people, does that mean it has to make the same data available to everyone?

If the question looks familiar it’s because it was the subject of a post I made last week about mugshots and arrest data that a mugshot website wanted to place on the web (so it could then charge people to take the information down). That answer, according to New York trial judge interpreting a local statute, was no due to the privacy interests of the arrestees.

The post gave rise to a spirited debate in the comments on the issue of whether a government could selectively decide who to disclose this semi-pubic data to. In other words, is there such a thing as semi-public data?

And now, just days later, the United States Supreme Court has weighed in with a similar issue. This time it deals with data about the citizenry from departments of motor vehicles. That data is available to attorneys, but not the general public, under a litigation exception in the law..

In Maracich v. Spears, enterprising lawyers figured they could mine the DMV data of South Carolina to find potential clients for a class action against certain car dealers claiming the dealers violated state consumer potection laws.

But not so fast, sayeth our highest court. Just because some people can get the data (lawyers involved in litigation) doesn’t mean anyone can get it simply because they want to solicit others for a lawsuit. Those folks were not involved in litigation, they were trying instead to drum up business to start litigation. In other words, the Supreme Court says that the idea of semi-public information is not a problem.

These were, of course, different statutes being interpreted; the first being New York’s Freedom of Information Law and the second a federal motor vehicle law designed to protect drivers from exposure of private information. But both dealt with issues of privacy for individuals regarding data that the government had, and in both cases that data was being protected from public dissemination the statutes that the courts enforced.

The various governments we elect and live under have tons of data on us, of course, and the issue of what to disclose and who can access it is an ongoing issue.  Who really wants to government, after all, to release all of our social security numbers, tax returns and Medicare records? And yet, sometimes that data can come out, either in individual or aggregated forms to those doing studies.

But just because the government has data that might be public doesn’t mean the public gets it. The privacy rights of the public sit there on the other side of the scale.