Albert Gidari is the Director of Privacy at the Stanford Center for Internet and Society. He was a partner for over 20 years at Perkins Coie LLP, achieving a top-ranking in privacy law by Chambers. He negotiated the first-ever "privacy by design" consent decree with the Federal Trade Commission on behalf of Google, which required the establishment of a comprehensive privacy program including third party compliance audits. Mr. Gidari is a recognized expert on electronic surveillance law; and, long an advocate for greater transparency in government demands for user data, he brought the first public lawsuit before the Foreign Intelligence Surveillance Court, seeking the right of providers to disclose the volume of national security demands received. Mr. Gidari earned an LLM from University of Washington School of Law, his law degree from George Mason University School of Law, and his undergraduate degree from Tulane University.
Hi Res Photo of Albert Gidari
An enormous amount of attention has been paid to the oral argument before the Supreme Court in Carpenter v. United States. The transcript provides tantalizing tea leaves as to whether the Court will find a protectable right to privacy in a cell phone subscriber’s location and many pundits seem to think the day went to Carpenter while I haven’t heard anyone touting a government homerun.
Last month, the Supreme Court of California may have decided the future of the public's access to "smart city" data without knowing it. In ACLU v Los Angeles Police Department, the court accepted that raw data collected by Los Angeles police and sheriff departments, using automated licence plate readers (ALPRs), constituted a public record subject to disclosure under California's Public Records Act (CPRA) absent an exemption. The court held that the catch-all disclosure exemption in the CPRA applied, which requires balancing the public interest in preventing disclosure where certain harms can be identified against the public interest served by disclosure such as furthering the public's understanding of the privacy risks of the ALPR program.
If your cell phone is on, your location is known, tracked and recorded, whether you are in your home or in public. As you move around, your location history is created and stored by the carrier, numerous applications on the device, and potentially even the manufacturer of the device or operating system provider. Your consent to capture this information, whether rough location or very granular, may be tacit, inherent in the application’s usage, or freely given when you activate, install or operate the device.
The House Judiciary Committee held a hearing yesterday on cross-border data requests, featuring testimony from the Department of Justice, the U.K. government, Google, the Center for Democracy and Technology, state law enforcement, and Professor Andrew Woods. Everyone recognizes the problem: law enforcement outside the U.S. can’t get data for their legitimate investigations from U.S.
No one wants to live in a “dumb” city. But I question whether anyone ought to want to live in a really smart city either. I’d prefer to just live in a smarter city -- one that puts my privacy and security first before rolling out ubiquitous sensors and broad-scale data collection in the name of some larger public good.
"Richard Forno, assistant director of the UMBC Center for Cyber Security, noted that researchers have found many companies that use technology like NaviStone's but don't disclose it in their privacy policies.
"It's not surprising that companies are probably violating their own policies because of this," he said. "But then again, who reads the privacy policies? ... People don't even know what privacy policies are sometimes."
"Albert Gidari, the director of privacy for the Center for Internet & Society at Stanford Law School, agreed that most of the bank's efforts with geolocation are “innocuous.”
But he added that the always-on function seems excessive. After all, is calling your bank to tell them you're traveling that much of an inconvenience?
"Unlike internet firms, telephone providers require government licenses to operate and many have signed contractual agreements that mandate cooperation with the government on legal processes, said Albert Gidari, a lawyer who represented phone and internet companies on surveillance issues for 20 years.
Digital rights activists said this fact makes U.S. carriers reluctant to pick privacy fights with the government.
"This is why conversations regarding smart city data collection sometimes miss the point. Albert Gidari, Director of Privacy at the Stanford Centre for Internet and Society, believes focusing on personally identifiable information (PII) is myopic – particularly when there is so much valuable data that can be mined from citizens before you’ve asked for their identity directly.
"Technology lawyer Albert Gidari, director of privacy at the Stanford University Center for Internet and Society, said that in turning over the ads, companies were entering complex legal territory. Ads have long been considered private data on par with email content and other records that the government must have a search warrant to obtain, he said.
The Center for Internet and Society (CIS) is a public interest technology law and policy program at Stanford Law School and a part of Law, Science and Technology Program at Stanford Law School. CIS brings together scholars, academics, legislators, students, programmers, security researchers, and scientists to study the interaction of new technologies and the law and to examine how the synergy between the two can either promote or harm public goods like free speech, innovation, privacy, public commons, diversity, and scientific inquiry.
To celebrate the one-year anniversary of the Stanford Cryptography Policy Project, we are holding an afternoon event highlighting our research and accomplishments over the past year. As our keynote speakers, it is our pleasure to welcome the Honorable Stephen W. Smith, Magistrate Judge of the Southern District of Texas, and Paul S. Grewal, former Magistrate Judge of the Northern District of California.
After a lengthy legislative process, the GDPR is finally ready. As the most significant overhaul of data privacy laws in Europe in twenty years, it will have a profound impact on Silicon Valley technology companies offering online services in Europe. The recently announced Privacy Shield will affect most US organisations that receive personal information from Europe.