Professional Documents
Culture Documents
Privacy
DAVID ABRAMS*
INTRODUCTION
611
612
v. 49 | 611
happy; as Meatloaf said, two out of three aint bad. 2 So why does my
phone knowing all this information about me make me feel uneasy?
Perhaps it is because I have not told my phone that my wife is in
Dubai, that I ordered a replacement food processor bowl on eBay, that I am
cooking chili tonight, or that I live in Boston and work at Harvard. My
phone figured this all out on its own by reading my email (including the
travel itinerary my wife forwarded to me and the notice eBay sent to let me
know the tracking number of my order), keeping track of my Internet
searches, even those done on a different computer (to know that I am
cooking dried beans), and watching where I go with it each day (to figure
out where I live and work). My phone also constantly keeps track of my
current location to let me know how long it will take me to get home or
what restaurants are nearby. If all this information were being collected
locally in my phone I might not be feeling so uncomfortable, but I know it
is being accumulated and stored in servers at Google, eBay, Amazon, and
elsewhere in the cloud. So information about what websites I look at, what
information I search for, what goods and services I purchase, what I read,
where I go, when I go there, how long I stay there, who I associate with (by
looking at collocation information), and what I take pictures of (my phone
automatically uploads photos to cloud storage) is being continually
collected, archived, and used in ways I have no control over.
On one hand, this plethora of web services means we all have access to
quantities of information and help in organizing our lives that would have
been impossible fifty years ago without an army of human assistants. At
the same time, the most intimate details about our daily lives are being
vacuumed up, collated, analyzed, and stored, perhaps forever, by the
multiple entities that we rely on to supply convenient access to
information. Because so much of the collection and storage of this data is
hidden from us, it is easy to accept the benefits of this brave new world
without giving much thought to what we might be giving up in exchange.
I.
In his new book, What Stays in Vegas: The World of Personal Data
Lifeblood of Big Businessand the End of Privacy as We Know It (What Stays in
Vegas),3 Harvard Fellow Adam Tanner opens a door into this massive
collection of personal data and how it is used to enrich the data brokers
who collect it. As Tanner explains, personal data allows merchants to target
MEATLOAF, Two Out of Three Aint Bad, on BAT OUT OF HELL (Epic Records 1977).
ADAM TANNER, WHAT STAYS IN VEGAS: THE WORLD OF PERSONAL DATALIFEBLOOD OF BIG
BUSINESSAND THE END OF PRIVACY AS WE KNOW IT (2014).
3
2015
613
their sales efforts much more efficiently, realizing a better return on their
marketing investment. He describes how Caesars Entertainment created a
loyalty program in the late 1990s which enabled it to identify players who
did not spend huge amounts in one visit (which was the method used
previously to identify the best customers), but rather could track players
who only spent moderate amounts per visit, yet returned time and time
again. By using the loyalty card, Caesars knew what games a customer
played, how much they wagered, how much they won and lost, where and
what they liked to eat, and what kind of entertainment they preferred. The
result was a straightforward bargain: customers could choose to identify
themselves by using their Caesars Total Rewards loyalty card and in return
Caesars would offer them special benefits and perks to entice them to
choose its casino rather than others on the Las Vegas strip. With the
information about individual habits provided by the card, Caesars can
offer a player a free buffet if they are having an unlucky day at the slots or
send a desirable customer an offer for a free hotel room and some upfront
cash in free play to entice him or her back to their casino.
II.
614
v. 49 | 611
This visualization was created by the Firefox browser add-on Lightbeam. Lightbeam for
Firefox, MOZILLA, https://addons.mozilla.org/en-US/firefox/addon/lightbeam/ (last visited July
23, 2015). The four sites visited were boston.com, msn.com, imdb.com, and ebay.com.
8 TANNER, supra note 3, at 162 (noting that this type of tracking is revealed only in the fine
print of sites privacy policies and is invisible to most users).
2015
615
Id. at 42.
In an unfortunate decision involving a sex offender registry, the Supreme Court refused
to recognize a difference between data stored in hard copy at an individual location and the
same data available worldwide over the Internet. See Smith v. Doe, 538 U.S. 84, 99 (2003).
10
An individual seeking the information must take the initial step of going
to the Department of Public Safetys Web site, proceed to the sex offender
registry, and then look up the desired information. The process is more
analogous to a visit to an official archive of criminal records than it is to a
scheme forcing an offender to appear in public with some visible badge of
past criminality.
Id.
11 E.g., N.Y. STATE UNIFIED COURT SYS., UNCONTESTED DIVORCE BOOKLET FOR UNCONTESTED
DIVORCES WITHOUT CHILDREN UNDER 21: INSTRUCTIONS AND PRACTICE FORMS 19, available at
http://www.nycourts.gov/litigants/divorce/UCS_DivorceBklt.pdf (Do not write your address,
telephone number, and social security number on this form or on any other form if you want
this information to be secret (confidential)!).
12
13
616
v. 49 | 611
14 See About the Nest Home Report, NEST, https://nest.com/support/article/About-the-NestHome-Report (last visited July 23, 2015).
15 Indeed, if Amazon is interested, it knows when I read, how long I read for, and how fast
I read since it keeps track of the current page number I am reading to synchronize my place
across my several Kindle reading apps on different platforms. It also knows what pages I
bookmark and what passages I highlight. See Help & Customer Service: Sync Across Fire & Kindle
Devices and Apps, AMAZON, http://www.amazon.com/gp/help/customer/display.html?
nodeId=200911660 (last visited July 23, 2015).
16
18
Adrian Chen, A Group of Journalists and Researchers Wade into the Ugly Corners of the
2015
617
It is also possible that de-identified data which currently cannot be reidentified might become decipherable in the future as more and more
correlatable information is posted to Facebook, Linkedin, or other public
Internet sites. In addition, as the amount of data available increases, so
does the ability of technology to identify that data. As far back as 2001,
facial recognition software was used to match facial images collected by
surveillance cameras at the Florida site of the Super Bowl with images in a
photographic database of known criminals.19 Facebook has perfected this
technology to the point where it can identify two images as being the same
person with nearly the same accuracy as a human. 20 Use of facial
recognition software could allow data brokers to compare pictures from
image sharing sites or public databases with surveillance cameras to track
an individuals movements over time.
IV. They Know Where You Are
Of course, there is no need to wait for the future if present technology
already provides data brokers with the information they are looking for.
Beginning in 1998, FCC rules required wireless providers to provide
precise location information of callers to Public Safety Answering Points,
such as calls to 911 emergency services. 21 Handset manufacturers
responded by incorporating GPS receivers and other location technology in
new cell phones.22 While modern smartphone operating systems allow
location information to be disabled for non-emergency use, users have
become dependent on location-based apps for maps, directions,
ridesharing, traffic information, and locating the nearest stores and
Internet to Expose Racists, Creeps, and Hypocrites: Have They Gone Too Far?,TECH. REV. (Dec. 18,
2014), http://www.technologyreview.com/photoessay/533426/the-troll-hunters/.
19 See, e.g., Use of Facial Recognition at Super Bowl and in Tampa, AM. CIV. LIBERTIES UNION
(Nov. 27, 2001), https://www.aclu.org/technology-and-liberty/use-facial-recognition-superbowl-and-tampa (showing multiple letters discussing facial recognition usage); Vickie
Chachere, Biometrics Used to Detect Criminals at Super Bowl, ABC NEWS (Feb. 13, 2001),
http://abcnews.go.com/Technology/story?id=98871.
20 See YANIV TAIGMAN ET AL., DEEPFACE: CLOSING THE GAP TO HUMAN-LEVEL
PERFORMANCE IN FACE VERIFICATION, available at https://facebook.com//download/
233199633549733/deepface.pdf (last visited Aug. 25, 2015).
21 See 47 C.F.R. 20.18(d)(e); see also FEDERAL COMMUNICATIONS COMMISSION, CONSUMER
GUIDE: 911 WIRELESS SERVICES (Feb. 4, 2015), available at http://transition.fcc.gov/
cgb/consumerfacts/wireless911srvc.pdf.
22 Notice of Proposed Rulemaking, Third Report and Order, and Second Further Notice of
Proposed Rulemaking, FCC 11-107, at 8 (released July 13, 2011), available at
https://apps.fcc.gov/edocs_public/attachmatch/FCC-11-107A1.pdf.
618
v. 49 | 611
23 See Kathryn Zickuhr, Three-Quarters of Smartphone Owners Use Location-Based Services, PEW
RES. CENTER (May 11, 2012), http://pewinternet.org/Reports/2012/Location-based-services.aspx
(noting that 74% of smartphone owners use at least one location-based service and the
proportion of Americans using location-based information increased from 23% in May 2011 to
41% in February 2012); see also SANORITA DEY ET AL., ACCELPRINT: IMPERFECTIONS OF
ACCELEROMETERS
MAKE
SMARTPHONES
TRACKABLE
5
(2014),
available
at
http://www.internetsociety.org/sites/default/files/03_2_1.pdf (suggesting that the individual
characteristics of the accelerometers used in smartphones may make it possible to track user
location even if location services are disabled).
24 One danger of this type of electronic information is the tendency to assume it is infallible.
The right-most-position dot near the Boston Opera House label is incorrect. My actual route
should have placed it on the circled 28 between the Public Garden and the Boston Common.
See Figure 2.
25 See
Location in Google Settings, GOOGLE, https://support.google.com/accounts/
answer/3118687?hl=en (last visited Aug. 25, 2015). When location services are enabled on
iPhones, location information is stored locally in the phone as well as transmitted along with
travel speed and direction to Apple to provide . . . geographically relevant iAds. See
Understanding Privacy and Location Services on iPhone, iPad, and iPad Touch with iOS 8, APPLE,
http://support.apple.com/en-us/HT203033 (last visited Aug. 25, 2015).
2015
619
26
See Steve Orr, Using Police-Style Systems, Company Tracks Autos then Sells the Data, BOS.
GLOBE (Nov. 3, 2014), http://www.bostonglobe.com/business/2014/11/03/license-plate-dataraises-privacy-concerns/FIYslPkMEZgin5hvnp6zvK/story.html.
27 See @pukingmonkey, The Road Less Surreptitiously Traveled, Presentation at the
DefCon 21 Hacking Convention (Aug. 14, 2013), available at https://www.defcon.org/
images/defcon-21/dc-21-presentations/Pukingmonkey/DEFCON-21-Pukingmonkey-TheRoad-Less-Surreptitiously-Traveled-Updated.pdf; Kashmir Hill, E-ZPasses Get Read All over
New York (Not Just at Toll Booths), FORBES (Sept. 12, 2013, 4:44 PM), http://www.forbes.com/
sites/kashmirhill/2013/09/12/e-zpasses-get-read-all-over-new-york-not-just-at-toll-booths/.
620
v. 49 | 611
28
32
Id.
MAJORITY STAFF OF S. COMM. ON COMMERCE, SCI., & TRANSP., OFFICE OF OVERSIGHT &
INVESTIGATIONS, A REVIEW OF THE DATA BROKER INDUSTRY: COLLECTION, USE, AND SALE OF
CONSUMER DATA FOR MARKETING PURPOSES 5-8 (Dec. 18, 2013), available
33
2015
621
35
622
v. 49 | 611
personal data sources. The trend toward biometric monitoring40 and smart
home accessories41 along with individualized access to music, movies,
television, and other entertainment sources from smartphones and smart
TVs provides marketers with an ever-increasing detailed view of our
private activities and our likes and dislikes. The Chairwoman of the FTC
recently warned that in the near future many, if not most, aspects of our
everyday lives will leave a digital trail that will present a deeply
personal and startlingly complete picture of each of usone that includes
details about our financial circumstances, our health, our religious
preferences, and our family and friends.42
VII. Statutory Protections are Spotty
Currently, this accumulation of digital data is covered by a
hodgepodge of federal and state consumer privacy protection laws that
provide significant safeguards for some types of information while leaving
other consumer data fair game for marketers. The Fair Credit Reporting
Act of 1970 (FCRA)43 limits disclosures of consumer credit reports and
40 See, e.g., Aria, FITBIT, https://www.fitbit.com/aria (last visited July 27, 2015) (offering a
scale that tracks weight, fat percentage, and body mass index and syncs with online tools);
Charge HR, FITBIT, https://www.fitbit.com/chargehr (last visited July 27, 2015) (offering a
connected wristband that tracks heart rate, calories burned, floors climbed, and amount of
sleep); iHealth, IHEALTHLABS, http://www.ihealthlabs.com/ (last visited July 27, 20015) (offering
wireless blood pressure and glucose monitors); Muse: The Brain Sensing Headband,
CHOOSEMUSE, http://www.choosemuse.com/ (last visited July 27, 2015) (offering a Bluetooth
connected brain sensing headband); Sensoria, SENSORIAFITNESS, http://www.sensoria
fitness.com/ (last visited July 27, 2015) (offering smartphone connected socks).
41 See, e.g., August Smart Lock, AUGUST, http://www.august.com/ (last visited July 27, 2015)
(offering a remote smartphone-controlled door lock); Nest, NEST, https://nest.com/ (last visited
July 27, 2015) (offering Internet connected thermostats and smoke alarms); Skybell, SKYBELL,
http://www.skybell.com/ (last visited July 27, 2015) (offering a smartphone connected
doorbell); Smart Meter, PGE,
http://www.pge.com/en/myhome/customerservice/
smartmeter/index.page (last visited July 27, 2015) (describing smart electric and natural gas
meters which record usage in fifteen minute increments).
42
Fair Credit Reporting Act, Pub. L. No. 91508, 601, 84 Stat. 1128 (1970).
2015
623
44
46
48 15 U.S.C. 650106 (2012) (limiting commercial online services ability to collect and
disclose information from children under thirteen years old).
49 Electronic Communications Privacy Act of 1986, Pub. L. No. 99508, 100 Stat. 1848 (1986)
(codified as amended at 18 U.S.C. 251022 (2012)) (prohibiting overall interception of
electronic communications, albeit with many exceptions).
50
Cable Communications Policy Act of 1984, Pub. L. No. 98549, 98 Stat. 2779 (1984)
(codified as amended at 47 U.S.C. 551 (2012)) (limiting disclosure of personally identifiable
information and the viewing habits by cable operators of their subscribers).
51 See generally Joseph J. Lazzarotti, The Emergence of State Data Privacy and Security Laws
Affecting Employers, 25 HOFSTRA LAB. & EMP. L.J. 483, 489 (2009) (States have been aggressive
in their enactments to protect the personal information of their residents.).
52
Compare, e.g., N.Y. GEN. BUS. LAW 399ddd (McKinney 2012) (imposing financial
penalties for misuse or improper disclosure of Social Security numbers), with 201 MASS. CODE
REGS. 17.00 (2015) (establishing minimum standards to be met in connection with the
safeguarding of personal information contained in both paper and electronic records).
624
v. 49 | 611
53 See, e.g., MASS. GEN. LAWS ch. 93H, 1 (2010); R.I. GEN. LAWS 1149.25(c) (2014);
CONN. GEN. STAT. ANN. 36a701b(a) (West 2015).
54 See, e.g., MASS. GEN. LAWS ch. 93H 3 (2010) (requiring notification of any data breach
which includes a residents name and SSN, drivers license number or a financial account
number and password or an account number alone if it would allow access to the account);
R.I. GEN. LAWS 1149.23 (2014) (limiting disclosure to similar unencrypted personal
information); CONN. GEN. STAT. ANN. 36a701b(a) (West 2015) (same).
55 Netflix, however, might be subject to the constraints of the Video Privacy Protection Act
of 1988. See Complaint at 2, 22, Doe v. Netflix, Inc., No. C0905903JWPVT (N.D. Cali. Dec. 17,
2009) (claiming Netflixs release of de-identified customer rental records was a violation of the
VPPA).
56 Michael D. Shear & Natasha Singer, Obama to Call for Laws Covering Data Hacking and
Student Privacy, N.Y. TIMES, Jan. 12, 2015, at A10.
57 See The Personal Data Notification & Protection Act, Sec. 1(h), WHITEHOUSE.GOV,
http://www.whitehouse.gov/sites/default/files/omb/legislative/letters/updated-data-breachnotification.pdf (last visited July 27, 2015) (citing proposed legislation).
58 See Shear & Singer, supra note 56.
59 See Press Release, Office of the Press Secretary, The White House, Fact Sheet:
Safeguarding American Consumers & Families (Jan. 12, 2015), available at
http://www.whitehouse.gov/the-press-office/2015/01/12/fact-sheet-safeguarding-american-
2015
625
consumers-families; see also THE WHITE HOUSE, CONSUMER DATA PRIVACY IN A NETWORKED
WORLD: A FRAMEWORK FOR PROTECTING PRIVACY AND PROMOTING INNOVATION IN THE
GLOBAL DIGITAL ECONOMY iii, 45 (Feb. 23, 2012), available at http://www.whitehouse.gov/
sites/default/files/privacy-final.pdf [hereinafter CONSUMER DATA PRIVACY].
60 The Presidents 2012 framework recommended a multi-stakeholder process to develop
enforceable codes of conduct from the general principles that implement the Consumer
Privacy Bill of Rights. Even assuming that the current Republican Congress is willing to
consider the Presidents proposal, I would not expect the most restrictive provisions of the
proposal to be enacted given the power and access to Congress that business lobbyists hold.
61 See FEDERAL TRADE COMMISSION, FTC REPORT: PROTECTING CONSUMER PRIVACY IN AN
ERA OF RAPID CHANGE, at 72 (Mar. 2012), available at http://www.ftc.gov/sites/
default/files/documents/reports/federal-trade-commission-report-protecting-consumerprivacy-era-rapid-change-recommendations/120326privacyreport.pdf [hereinafter FTC 2012
REPORT].
62 Id. at 73.
63 See, e.g., In re Google Inc., FTC Docket No. C-4336 (Oct. 13, 2011) (Decision and Order)
(settling claim that Google failed to explicitly obtain consumer consent for enrollment in
Google Buzz in violation of its privacy policy), available at http://www.ftc.gov/sites/
default/files/documents/cases/2011/10/111024googlebuzzdo.pdf; In re Facebook, Inc., FTC File
No. 092 3184 (Nov. 29, 2011) (Proposed Consent Order) (settling, inter alia, claim that Facebook
failed to disclose that user set restrictions on profile information did not apply to third
parties),
available
at
http://www.ftc.gov/sites/default/files/documents/cases/2011/11/
111129facebookanal.pdf; In the Matter of Snapchat, Inc., FTC Docket No. C-4501 (Dec. 23,
2014) (Decision and Order) (settling claims that Snapchat misrepresented the extent to which a
626
v. 49 | 611
consumers a choice before collecting data for practices that are consistent
with the context of the transaction or the companys relationship with the
consumer . . . . 64 The FTC also finds acceptable a take-it-or-leave-it use
of a companys product or service contingent on acceptance of the
companys data practices as long as the terms of the agreement are
transparent and fully disclosed and there are sufficient alternatives in the
marketplace.65
IX.
message is deleted after being viewed by its recipient and requiring Snapchat to implement a
comprehensive privacy program and obtain twenty years of biennial third-party privacy
assessments),
available
at
http://www.ftc.gov/system/files/documents/cases/
141231snapchatdo.pdf.
64 FTC 2012 REPORT, supra note 60, at 48.
65 Id. at 52.
66 See, e.g., In re Sony Gaming Networks and Customer Data Security Breach Litigation, 903
F. Supp. 2d 942, 942 (S.D. Calif. Oct. 11, 2012) (Settlement Agreement); In re Target Corp.
Customer Data Sec. Breach Litigation, No. 142522, 2014 WL 7192478 (D. Minn. Dec. 18, 2014)
(denying motion to dismiss in breach involving about 110 million Target customers);
Anderson v. Hannaford Bros. Co., 659 F.3d 151, 154 (1st Cir. 2011) (involving theft of 4.2
million customer credit card numbers).
67 See, e.g., Hendricks v. DSW Shoe Warehouse, Inc., 444 F. Supp. 2d 775, 777, 783 (W.D.
Mich. 2006) (cost of identity theft insurance to prevent future unauthorized use of stolen
information constitutes [n]either actual damages or a cognizable loss in a breach of contract
claim); Smith v. Chase Manhattan Bank, USA, 741 N.Y.S. 2d 100, 102 (N.Y. App. Div. 2002)
(even though bank sold private information to telemarketers in violation of written agreement
with customers, being offered products which can be declined is not harm under the state
consumer protection statute nor is emotional distress recoverable in breach of contract claim);
Whitaker v. Health Net, Inc., No. 11-cv-00910-KLM-DAD (E.D. Calif. Jan. 20. 2012) (Order)
(dismissing action against defendants for loss of disk drivers containing health information on
800,000 California residents because plaintiffs failed to allege they suffered any injury in fact
and thus lacked standing to proceed with the lawsuit).
68 See Stollenwerk v. Tri-West Healthcare Alliance, No. 03cv00185PHXSRB (D. Ariz.
June 10, 2008) (Order) (denying class certification because of lack of typicality and
predominance).
2015
627
69 Id. at 68 (noting that even though the named plaintiff had suffered identity theft, he
has not alleged that he was held liable for any of the unauthorized charges, that his credit
rating was negatively affected, or that he suffered any compensable damages). The parties in
Stollenwerk dismissed the action with prejudice less than two months after class certification
was denied. Id. at 8.
70 See, e.g., In re TJX Cos, Retail Sec. Breach Litigation, 564 F.3d 489, 49899 (1st Cir. 2009)
(affirming dismissal of negligence claims based on the Massachusetts economic loss rule); In re
Target Corp., 2014 WL 7192478, at *20 (holding that the economic loss rule bars plaintiffs
negligence claims in five states).
71 In an analysis of 230 federal data breach lawsuits over a ten-year period, researchers
determined that the mean value per plaintiffs in twenty-eight cases in which they were able to
obtain settlement data was $2,500 and the mean attorneys fees paid were $1.2m. In addition,
Cy press awards ranged from $50k to $9.5m. See Sasha Romanosky, David Hoffman &
Alessandro Acquisti, Empirical Analysis of Data Breach Litigation, 11 J. EMPIRICAL L. STUD. 74,
100 (Apr. 6, 2013), available at https://papers.ssrn.com/sol3/papers.cfm?abstract_id=1986461.
72 The nonprofit Privacy Rights Clearinghouse estimates that over 919 million records have
been disclosed in 4270 breaches within all types of organizations since 2005. See, e.g.,
Chronology
of
Data
Breaches,
PRIVACY
RIGHTS
CLEARING
HOUSE,
https://www.privacyrights.org/data-breach/new (last visited July 27, 2015); see also Michael J.
Moore, Morgan Stanley Fires Worker Accused of Stealing Client Data, BLOOMBERG (Jan. 5, 2015),
http://www.bloomberg.com/news/2015-01-05/morgan-stanley-fires-employee-accused-ofstealing-client-data.html (describing the theft of 350,000 client records); Steven Musil, Sony
Hack Leaked 47,000 Social Security Numbers, Celebrity Data, CNET (Dec. 4, 2014),
http://www.cnet.com/news/sony-hack-said-to-leak-47000-social-security-numbers-celebritydata/.
73
628
v. 49 | 611
CONCLUSION
Ultimately, however, the problem of personal data collection is a direct
result of modern technology that makes more and more individual data
available. At the same time that technology makes it cheaper to store that
data indefinitely. Combined with archaic attitudes that do not recognize
the difference between public records stored in file cabinets and the same
records available instantly anywhere in the world, Tanners suggestions
will only reduce the rate at which our intimate selves are revealed to the
world, not stop it. Unless there is a radical shift in public attitudes and
legislative will power, we may finally be forced to accept Scott McNealys
admonition sixteen years ago that You have zero privacy anyway. Get
over it.74
74 Scott McNealy was the chief executive officer of Sun Microsystems and, at the time, his
statement was considered shocking and controversial. See Polly Sprenger, Sun on Privacy: Get
Over It, WIRED (Jan. 26, 1999) http://archive.wired.com/politics/law/news/1999/01/17538.