An Observation of the Observers: Unmanned Aircraft and Privacy

Last November Senator Ed Markey of Massachusetts introduced the Drone Aircraft Privacy and Transparency Act, which serves to amend the Federal Aviation Administration’s Modernization and Reform Act of 2012. The previous act supplied a set of parameters for the operation of unmanned aircraft in US Airspace; however, in light of the US airspace opening to commercial unmanned aircraft systems (UAS) in 2015, the amendment would establish additional federal standards to preserve individual privacy and keep the public informed on the development of UAS. [1][10] Among the stipulations proposed in the Drone Aircraft Privacy and Transparency Act are explicit disclosure of data collection practices, requirements for the public accessibility of UAS operation information, procedure for obtaining warrants for search with concurrent prohibitions on the sharing of information, and regulatory oversight from the appropriate branches of the federal government. The legislation submitted by Senator Markey serves to promote greater transparency of conduct in unmanned aircraft surveillance, but the actual privacy rule adopted by the FAA is less directly engaged with privacy issues.

At present, the Federal Aviation Administration (FAA) entrusts the enforcement of privacy policies to the operators at UAS test sites. [2] The agency contends that managing extensive privacy protections are out of its regulatory purview, and given the many nuanced–and at times contradictory–concepts of privacy, the agency’s decision to abstain from unilaterally overseeing delineations in privacy necessitates clearer boundaries on the notion. Daniel Solove discusses some of these myriad interpretations of privacy that have been adopted and debated. Solove’s “Conceptualizing Privacy” reveals a web of interrelated constructs such as confidentiality, accessibility, and secrecy. [3] Florida v. Riley 488 U.S. 445 (1989), cited by Solove and directly relevant to the UAS secrecy issues, displayed the court’s ill-defined notion of infringement.[4] In the ruling, the Court held surveillance from the air was not subject to Fourth Amendment protections as navigable airspace is considered a public vantage point. Over two decades later, the sophistication of observation technology and the ability of craft to stay aloft for 16 – 24 hours weakens the Court’s assertion of contextual equivalence.[5]

Unmanned aerial vehicles do not clearly convey of choice according to Nissenbaum’s premise of “informed consent”, whereupon detailed information about surveillance activities will not be served to the public via an FAA database of test site operators. [6][2] This is also evident in the FAA’s current policies, where a) users are not directly conveyed the meaning of privacy requirements and (b) the effect of existing social roles are not part of the overarching contextual inquiry. For domestic drones, the constraints on streams of information are a combined function of technical possibility and the various information flows in different realms (sensor data, cloud computing, archived data, etc.). Another aspect with automated data collection revolves around data privacy because of temporal nature of data. For example, if the real time data from is archived, it can be used for discriminatory targeting especially if the data collected from intelligent drones are combined with advanced correlatives and are fed to a data mining platform. [11] Circumspection and cooperation on part of the users might be useful values when they are integrated in an umbrella data privacy framework. For example, as the Court observed in Katz v. United States, 389 U.S. 347, 351 (1967): “What a person knowingly exposes to the public, even in his own home or office, is not a subject of Fourth Amendment protection”.[3] These observations must be re-evaluated in new light of changing social norms and pervasive technology environment  to codify effective privacy laws for surveillance state.

Given the complexity of the aforementioned privacy concerns and next year’s advancement of commercial unmanned aircraft systems in US, it is vital that an approach to surveillance be tailored to monitor the activities of drones and drone operators. The far-reaching extent of the current capabilities of the medium must be taken into account. The core principles of privacy could be addressed partially by applying the FTC Fair Information Practice Principles (FIPP) [7] guidelines, in particular the aspects on Notice/Awareness, Choice/Consent, and Access/Participation. Recent FAA actions such as positioning UAS test sites as public institutions are foundational activities towards potent privacy laws.[8] Finally, the Drone Aircraft Privacy and Transparency Act introduced by Senator Markey refers to the OECD’s Guidelines on the protection of privacy and Transborder Flows of Personal Data, citing the principles listed in Part Two of the guidelines, which include principles on the national application of collection, quality, purpose specification, and use limitation of personal data. [9] Recommended practices as enumerated in FIPPs and OECD are bolstered when adhered into legislation, and it is in the interest of government to address privacy compromising practices with rigorous regulation and oversight.


[3] Daniel J. Solove, Conceptualizing Privacy, California Law Review, Vol. 90
[6] Helen Nissenbaum, “A Contextual Approach to Privacy Online,” Daedalus140 (4), Fall 2011
[7] (DHS adoption)

First Amendment Rights and the Ban on FCC’s Net Neutrality

With the public’s increasing reliance on the Internet as a communication channel, there has long been debate on whether the government should treat the Internet Service Providers as common carriers such as telecommunications services. This would treat the Internet as a public utility and thus have it be regulated by the FCC to ensure fair pricing and access. In 2010, FCC adopted a rule that required ISPs to treat all Internet traffic equally, also known as “net neutrality”. However, on January 14, the federal court shot down the FCC’s net neutrality rules. The basis for this decision is that the FCC cannot regulate ISPs as common carriers, because the FCC does not currently classify ISPs as such. This ruling furthers the prevailing view on treating ISPs as private entities. But if ISPs are considered private businesses, how do First Amendment free expression rights come into play on the Internet? Do ISPs, as private businesses offering a paid service, have the right to suppress free speech or block specific content and sites to users?

Similar questions about free speech on private property have come up in the past in cases like Lloyd v Tanner. In Lloyd v Tanner, the Court ruled that private entities are permitted to regulate speech on their own private property as long as it is not providing a public service that a government would have otherwise provided. Here the Court rules in favor of protecting private property rights in the Fifth Amendment. In such cases where expressive conduct is occurring on private property that carries a public nature (like shopping plazas), the Court is always treading the middle ground to balance First Amendment rights and Fifth Amendment rights. The test to apply from Lloyd v Tanner in this case is to see whether or not ISPs provide a service to the public for general purposes. The tricky issue here is that ISPs provide a wide variety of content to their users, including both private and public services. E-commerce websites provide a service that is very similar to a shopping mall. The site has a special designated purpose to invite users to come and purchase their products. On the other hand, governmental websites provide important public services such as submitting tax forms online and signing up for healthcare plans. If ISPs chose to slow down the speed of traffic for these sites or block its contents, this would provide a great hindrance of the government’s function. Because ISPs provide access to a variety of content that is both private and public and with the public’s increasing reliance of the Internet as a communication channel,  ISPs should be classified as a telecommunications service and regulated by the FCC to ensure open access and fair prices. According to the Lloyd v Tanner case, ISPs do provide a significant public service to be classified as common carrier and be required to uphold First Amendment rights.

In Verizon’s appellate brief, it argues that the Open Internet Order deprives broadband network owners like Verizon of their First Amendment rights “by stripping them of control over the transmission of speech on their networks.” In this latest ruling, however, the Court did not rule on Verizon’s First Amendment challenge because the disposition of the case (based on FCC’s lack of standing to impose net neutrality policies on information service providers) rendered it unnecessary. Therefore, it remains an open academic question as to whether information service providers like Verizon have the First Amendment right to promote and publish content and to exercise editorial discretion, and whether authorities like the FCC meet the tests to restrict that right should it choose to. In its appellate brief, Verizon maintains that in restricting broadband network providers’ manner in transmission of speech, the Open Internet Order must be subjected to the O’Brien test; that is, the restriction must be content-neutral, related to a substantial government interest, and narrowly tailored. Verizon argues that the FCC fails to meet its burden. In its respondent’s brief, the FCC argues that broadband providers are not entitled to First Amendment protections because broadband providers are merely “conduit of speech” for others.



23andMe and First Amendment

23andMe is a personal genetics company that has been providing customers with information about ancestry and inherited traits based on their DNA samples since 2006. They discontinued part of the their service as of November 22, 2013 after receiving a warning letter for the US Food and Drug Administration. In this letter [1], FDA stated that Personal Genome Service they offer is considered a device, and they feel concerned that the use of 23andMe analysis results may put the customers at risk. FDA ordered 23andMe to “discontinue marketing the PGS” and inform FDA of their action plan. Two weeks after receiving the warning letter, 23andMe released a statement [2] on their website announcing that they will not provide health related results to their new customers who purchased their kits on or after the date they received the FDA warning letter.

There are a few interesting aspects of this situation that could be addressed in a court case. The first is considering if the data 23andMe collected is protected under the First Amendment. The second is investigating the FDA’s attempts to regulate indirect information. And third is the question of whether there is compelling data to support the FDA’s claim that people “may begin to self-manage their treatments through dose changes or even abandon certain therapies depending on the outcome of the assessment.” [1]

In relation to the First Amendment question, Sorrell v. IMS Health (2011) [4] has several similarities to the 23andMe situation. Sorrell ruled that after data had been legally collected by a private entity (prescriptive data collected by Pharmacies in the Sorrell case) the data was then protected speech under the First Amendment. Therefore the private entity had the right to communicate that data to its customers unless the Government was able to prove that it had compelling interest to stop that communication. It is important to point out that the burden is on the Government to prove that there is a compelling reason for the private entities right to free speech to be restricted. The similarities are striking between the Sorrell case and 23andMe’s situation. 23andMe legally collects and analyzes genetic data. Once the data is compiled it should be considered speech and protected by the First Amendment.

In relation to the FDA’s attempts to regulate indirect information, the court case United States v. Caronia (2012) [4] recently ruled on a related situation. They found that a pharmaceutical salesman was allowed to discuss off-label uses of drugs he was selling with potential clients, which was against FDA regulations at the time, because his speech about the alternate uses of the drugs was protected by the First Amendment. The court found that the communication of this medical information that was not directly approved by the FDA was still protected speech. We can apply the same logic to the medical information being provided by 23andMe to its customers.

Based on first amendment, government may only regulate speech “when it has a compelling reason and does so in a content-neutral way.” In the case of 23andMe, Green and Farahany [5] argue that “the FDA’s precautionary approach may pose a greater threat to consumer health than the harms that it seeks to prevent.”  After reviewing several surveys done on people who received similar health related data, they found that only an insignificant fraction of the participants engaged in potentially dangerous behaviors such as consuming prescription drugs without medical consultation after receiving this information. Also, they did not find any remarkable increase in participants’ level of distress or anxiety. These findings suggest that FDA does not have sufficient data to support its claim about the potential risk of patients misusing their health data.






Snowden, Journalists and the First Amendment

The 2013 disclosure of secret NSA documents to the media by Edward Snowden has renewed questions about First Amendment protections for reporting on leaked information. As explained in the Huffington Post, journalists are protected when publishing stories based on leaked documents, but the source of the leak is not. For someone like Snowden, who illegally obtained and shared classified information with the press, anonymity is often the best form of protection. The statutes and court decisions that protect journalists’ confidential sources say that investigators must “exhaust all alternative means” for finding a leaker before forcing a journalist to name a source. Journalists are also (generally) ethically obligated to protect their sources, and thereby would have to go against the investigator’s wishes. So those statutes make sense, in saving investigators and journalists some time and hassle. However, since Snowden is not an anonymous source, that aspect doesn’t quite apply, but journalists are still protected in publishing the leaked material.

One of the landmark cases protecting the freedom of the press to publish classified information is New York Times Co. v. United States (1971). President Richard Nixon had exercised executive authority to stop the New York Times from printing the classified Pentagon Papers, and the question came to the court of whether or not the government’s interest in protecting the classified information superseded First Amendment protections of the free press. The court ruled in favor of the New York Times, though there was not consensus among the justices on the reasoning behind it, and many concurring and dissenting opinions were published. Some justices felt that the case was decidable from the absolute superiority of the First Amendment to government interests of security, while others felt that “an enlightened citizenry” is the only balancing power against relatively unchecked executive powers.

While the New York Times v. United States decision weighed First Amendment protections for the freedom of the press against national security concerns, it did not delve into how the information in question was obtained by the press. In Bartnicki v. Vopper (2001), the question arose whether First Amendment protection is afforded to speech that discloses the contents of an illegally intercepted communication. In that case, a third party intercepted a cell phone conversation between the president of a teachers union and Bartnicki, a negotiator for that union. A recording of the conversation was delivered to local radio stations, and was played on air by Vopper, a commentator critical of the union negotiations. The court decided that First Amendment protection did extend to Vopper’s playing of the recording even though it was illegally obtained by a third party, concluding that “a stranger’s illegal conduct does not suffice to remove the First Amendment shield from speech about a matter of public concern.” The fact that the disclosed information was of public interest was critical in both the New York Times case and the Bartnicki case.

Even with this case history protecting journalist disclosure of classified information, there are always concerns about whether the current administration will try to abridge freedom of the press in some way. According to the First Amendment Center, President Obama issued a statement saying that journalists should not be prosecuted for “doing their job,” and that questions about the balance between protecting classified material and ensuring a free press are entirely appropriate. This was in response to questions raised about whether it’s appropriate for a journalist who publishes leaked information to be “treated as a potential criminal.” The question was related to two cases; one where the Associated Press had its phone records secretly subpoenaed, and another where prosecutors obtained a search warrant for the private emails of Rosen, a Fox News reporter as they were looking to identify his source in a story on North Korea. In the Rosen case, an official was indicted for revealing classified information, but Rosen was not charged with anything. While these incidents are troubling, perhaps they should be expected, as it seems that the debate between the freedom of the press and the secrecy of national security information is still being argued.


Protest, Porn, Gangbangers and Ubiquitous Computing

For this week’s blog post, we all had very different takes on the how the reading applied. See below how 4 people can find 4 distinct things interesting and applicable


Meredith- “Dear subscriber, you are registered as a participant in a mass disturbance” – The Protests in Ukraine

One topic in current events that highlights the issues in this week’s readings is the protests currently occurring in Ukraine. Inside the larger story of the protests, there’s another story about privacy and the importance of the “actor network view.” On January 21, the government sent cell phone messages to people standing near the protests around the Parliament building in Kiev that read, “Dear subscriber, you are registered as a participant in a mass disturbance.” [New York Times]

The protests in Ukraine are partially in response to new restrictions on speech and assembly rights. The laws include “extrajudicial shutting down of websites and mandatory licensing of ISP services.” [TNW] The laws in question were established on January 16, after an earlier set of public protests following President Yanukovych’s decision not to sign a free trade agreement with the European Union. According to the author of the New York Times piece, Andrew Kramer, “The phrasing of the message, about participating in a ‘mass disturbance,’ echoed language in a new law making it a crime to participate in a protest deemed violent. [New York Times]

While chilling, the Washington Post claims that this type of text message is easy to send by using records of nearby cell towers. In the US, this information can be requested from providers like Verizon in the form of “tower dumps.” This request trawls the locations of all users around the tower, including non-suspects along with suspects. [Washington Post]

One of the issues that came up in the Weiser and Hong readings was issues of privacy, particularly when people are surrounded by computers in many/all contexts. When you’re passing through rooms with hundreds of computers in them, as Weiser envisions, how can you be sure that you’re only virtually visible to those whom you want to be? Without a policy around how information about cell phone location can be used, which would inform technical implications, information about location is open to abuse.  This issue is also very good example of Clark, Wroclawski, Sollins, and Braden’s “tussle,” in which two actors have different interests: in this case, the Ukrainian government and the protesters. One party has an interested in suppressing and intimidating certain voices, and another has an interest in both open access communication and free movement. What responsibilities do designers have in anticipation of this type of tussle?

Many people have cell phones on them at almost all times, and “cell site location data is considered metadata.” [Washington Post] However, as we discussed in Info 202, one person’s metadata is another person’s data, and in this case is being used to intimidate people within the area of the protests: “This incident highlights how location metadata — contrary to NSA defenders’ claims that such data isn’t sensitive — is incredibly powerful, especially in bulk, and can easily be used by governments to identify and suppress protesters attempting to exercise their right to free expression,” says Kevin Bankston, policy director for the New America Foundation’s Open Technology Institute. [Washington Post]

When Moor talks about computer ethics, he frames it as being a back and forth conversation between technology and our values. What’s the social impact of computer technology? One of his examples is, how do we define a computer program? Once we define it, do we consider it intellectual property to be protected by copyright or an implementation to be protected by a patent? And once we get there, do we as a society still think protecting intellectual property is important? If we decide it isn’t, where do we go from there? There’s still a conceptual gap in what we think of our cell phone location data as it relates to privacy, and what parts of our cell phone usage should be protected as private. The text message in Ukraine shows how a lack of a policy about privacy of phone location data, or an actor who’s able to circumvent that policy, can lead to abuse of information.

Paul- The Open Internet, Freedom of Speech, and Revenge Porn

    One of the major themes in this week’s readings is the importance of openness and freedom of expression on the internet. We generally associate the restriction of information on the internet with either government censorship or large organizations, such as the MPAA, protecting their intellectual property, however, the openness of information online can also be used to abuse individuals who do not have legal teams at their disposal. One type of abuse that has recently been in the news is revenge porn. In essence, this is the posting of explicit pictures or videos without the subject’s consent. Once these pictures or videos are online they can easily spread to many sites and threaten the reputation and professions of the victims(NY Daily News).

    Last week Hunter Moore, who operated on the the more infamous revenge porn sites was arrested (Rolling Stone). Moore was not arrested for posting nude pictures of women without their consent or for encouraging his followers to harass those women. He was arrested on charges of hacking and identity theft. This means that if Moore had limited his website to pictures submitted by angry exes, there would have been no legal repercussions for him.

    Several states, including California have passed laws targeting revenge porn but their effectiveness is questionable as they must contend with concerns over the first amendment. California’s law has been criticized for several loopholes: it does not apply to ‘selfies’, it only applies to people who post the content – not the hosting website, it only applies when there was an agreement of privacy, and there must be intent to cause emotional distress (Forbes). In other words, the law only applies to specific circumstances, requires substantial evidence for successful prosecution, and even then would not necessarily result in the content being removed.

    The court case ACLU v. Mukasey sheds some light on why it is difficult to create a more powerful law. The case struck down the Child Online Protection Act (COPA) in part because its invocation of community standards in defining harmful material was too broad. How could a law define revenge porn? If it is images that contain nudity or are sexual in nature then what would the threshold for nudity and sexuality be that would make the content illegal? This definition would likely come down to the same community standards that courts have found over broad. Even if a law creates an very narrow definition, perhaps images that include exposed genitalia, there is still the issue that there cases when posting this content is legitimate. The Forbes article brings up the case of former New York congressman and mayoral candidate Anthony Weiner, who had explicit photos he had sent to various women leaked to the press. Was that a violation of his rights or was it legitimate evidence for a news story?

    Additionally, in ACLU v. Mukasey, the court found that there are less restrictive alternatives to accomplish the goals of COPA. This would also apply to revenge porn as there are existing ways to combat revenge porn; the problem is that these methods are often onerous for the victims. Victims can copyright offending images and file DMCA takedown requests (Daily Dot), but that requires them to track down sites that are hosting the content and potentially be ready to spend the time and money to take the case to trial if their request is ignored. It is unclear if this burden on individuals is sufficient for courts to allow more aggressive laws.

    At the iSchool, we are usually, and I would say rightly, defenders of free expression and openness on the internet. We should, however, keep in mind the negative effects of this openness and think of ways to make the internet safer for users while maintaining freedom of expression.


Shubham-Ubiquitous computing

Today devices are starting to move to the periphery of our consciousness than ever before. There are belts to help us attain a better posture, there are watches to help us navigate better, there are rings that help us use public transit. We are now a part of the future that Mark Weiser talked about in the article “The computer for the 21st century”.

With this deep integration of computers into our ethos, we are opening the gate to new privacy issues. I would like to compare the lock and key days to where doors are unlocked by sensors, phones, rings and cards. Today as I move around between different building on the UC Berkeley campus I leave behind digital bread crumbs that can be put together narrow down my location and behavioral patterns. There are some interesting information that can be drawn from this data like my favorite place to work, when am I most productive to predicting where I can be found on a particular day of the week or if I am likely to be alone or have company.

Today devices like Lockitron, that can unlock doors using a mobile phone are gaining popularity. When conversations moved from pen and paper to the cloud via the use of email we became susceptible to mass surveillance. Which makes me think when my house key moves to the cloud whom am I inviting into my life.


Janine- The Wireless, Privacy, Transparency and COPA.              

The article, “The Wireless” by Rachel Swann, recently ran in SF Weekly on January 15, 2014 ( This article describes how the NSA, under the guise of the Hemisphere Project, requested massive amounts of call data from phone companies such as AT&T to gain intelligence and evidence against gang members and drug runners; the collection and analysis of this data may have violated the suspects’ 4th amendment rights. The article brings up many interesting issues that relate to some of the themes in the reading this week, specifically: privacy, computer ethics, and three prong strict scrutiny tests.

The facts in the case, US v Ortiz, presented in “The Wireless” article are as follows: In South San Francisco, members of the Nuestra Family gang were suspected of being involved in a drive by shooting against their rival gang, the Sureno gang; 3 people were killed in the drive by, and 6 others were injured. As we’ve all seen on shows like The Wire, most criminals use disposable phones that are hard to trace to a specific individual. To get around the difficulty of tracing disposable phones, investigators got help from the NSA Hemisphere Project. The Hemisphere project collected phone/calling records in masse from phone companies. Then, using big data/analytic techniques, investigators looked for calling behaviors that revealed a pattern of calls being placed at certain times in certain geographic locations to certain places. Once investigators found a common thread that could relate the suspected Nuestra gang members to the drive by shooting, they then officially requested the phone records with an official court subpoena.

Now that details and inner workings of the secret Hemisphere Project are slowly revealed, many privacy advocates feel that the mass collection, analysis, and geolocation tracking of phone record data could lead to invisible abuse; although the mass surveillance Hemisphere Project is targeted at criminals, its possible that the system could be used to target peaceful protesters and other political dissidents. Many feel that the mass collection of phone-data leads to a violation of individuals 4th amendment rights.

In an earlier 1979 case, Smith v. Maryland, the supreme court ruled individuals could not expect a “reasonable expectation of privacy” in regards to their phone data/phone records; data collected by phone companies is not protected by the 4th amendment. Nonetheless, the US v Oritz case brings the current phone privacy policy into a muddle; the added layer of the Hemisphere Project ability to collect geolocation data adds a level of surveillance and complexity that was not present in 1979 Smith v. Maryland case. In 1979, no one ever anticipated that the government/police would have the computing capacity to collect and analyze the publics’ phone record in mass. Perhaps if the court would have known or anticipated these technologies, outcome and policies from Smith v. Maryland case would have been different.

As it stands now, the US v Oritz case has yet to be decided. It will be interesting to see how the court rules in relation to 4th amendment rights. An interesting as aspect of the COPA case that we had to read this week was how the 3rd Court of Appeals used the three pronged strict scrutiny test. To test the lower district court’s ruling, the 3rd Court of appeals set up the following test see if COPA violated the first amendment:

1. COPA is not narrowly tailored to the compelling interest of Congress; 2. The defendant has failed to meet his burden of showing that COPA is  least restrictive and most effective alternative in achieve the compelling interest; 3. COPA is impermissibly vague and overbroad

Although the 1st and 4th amendment deal with very different rights and issues, the above test may also raise some useful and interesting questions when the court evaluates the Hemisphere Project via the US v Oritz case. For instance: Is the Hemisphere project too broad? After all, law enforcement is engaging in a massive phone-record dragnet on all US citizens. Next, Are there other ways that involve less mass surveillance and achieve more effective outcomes that outcomes produced by the hemisphere project? Last, is the Hemisphere project impermissibly vague and overboard in its surveillance of suspects? Under what terms, conditions, and circumstances (if at all) is it acceptable for law enforcement to use the Hemisphere Project as means to gather evidence on suspected criminals? These are just some of the many things that court will have to think about when it makes it ruling the US v Oritz case.