Stanford Center for Internet and Society

It’s official: Wired Magazine has placed worrying about privacy on Gmail in the final column marked “expired.” (What’s “wired”? Worrying about privacy on Google Health.) Yet here I am, continuing to fret over Google’s eons-old practice of scanning incoming and outgoing messages in order to display contextual ads.

In my defense, I don’t think some evil Google Adwords employee is sitting in his brightly lit hexagonical reading through my email and twisting an ironic mustache. I recognize that it’s a dispassionate (for now) computer that scans for keywords and selects contextual ads.

My concern has to do with competition: Gmail puts Google’s advertisers in a position to use the content of their competitors’ emails to compete with them.

I notice that Google now has a privacy policy link on its homepage. Congratulations to Marc and others who pushed for this.

It's tempting to view this move cynically as a dragged-out response to a long-standing complaint from the privacy community. My understanding, however, is that there has been internal debate at Google over whether to include a privacy link on the homepage for some time. One argument against such a link is that it conveys the sense that a given company respects privacy, irrespective of the actual content of the policy (which, as we know, often goes unread).

I'm not saying Google did this on purpose, but I think that many more people are likely to click on the privacy link, given that it appeared suddenly on the zealously sparse Google homepage. (Unless, of course, they get distracted by the fireworks.)

Threadbare as it already is, the privacy rubber may not even be meeting the road. A recent study conducted by the Ponemon Institute implies a disconnect between the perception of privacy officers – charged with formulating company policy – and marketing departments – entrusted with actual custody of customer data – with respect to how consumer information may be used.

I imagine the subset of individuals that read the Center's blogs but not, for instance, Boing Boing to be in the (low) single digits. I still could not resist posting this news story about bearded, community-gardening, anti-surveillance activists in Philly whose house was raided, initially without a warrant. In fairness, the facts are disputed: for instance, local police are calling a structure on the top floor of the raided house a possible "bunker," whereas resident Daniel Moffat (pictured) is calling it a definite "greenhouse."

Author and fellow SLS fellow Laura K. Donohue brought this deliciously ironic picture to my attention. Click here for a close up.

If you happen to be in the DC area this week, Laura is speaking on her new book, "The Cost of Counterterrorism: Power, politics, and liberty," at GW Law School on Wednesday, June 11, and the Women's Foreign Policy Group on Friday, June 13.

In arguing for the ongoing constitutionality of the commercial/noncommercial distinction in billboard regulation in the wake of City of Cincinnati v. Discovery Network, I wrote (in 2005) that billboards “can talk and they can listen.” (103 Mich. L. Rev. 1877, 1877). I was referring to the ability of highway billboards to interact with passing motorists by, for instance, eavesdropping on their radio station. No surprise that my three-year-old statement about billboards now seriously undersells them. According to a recent New York Times article:

"[Advertisers] are equipping billboards with tiny cameras that gather details about passers-by — their gender, approximate age and how long they looked at the billboard. These details are transmitted to a central database. . . .

Was March National Privacy Month and no one told me? (October is National Cyber Security Awareness Month, so don't try to hack anything.) In addition to a March 31, 2008 decision by the D.C. Circuit holding that “actual damages” under the Privacy Act need not necessarily include pecuniary harm (blogged here by Lauren Gelman), the Northern District of California affirmed the standing of a class action plaintiff to sue for negligence over a stolen laptop containing personally identifiable information, based on the mere risk of identify theft. These are both important cases in that they may signal a trend toward greater recognition of the emotional and dignitary interests implicated by the exposure of personal data.

On April 21st, the Ninth Circuit held in United States v. Arnold (pdf) that the Fourth Amendment does not require government agents to have reasonable suspicion before searching laptops or other digital devices at the border, including international airports.

EPIC fellow Guilherme Roschke writes about the sophisticated Facebook presence of Greater Manchester Police and its ramifications for citizen privacy. He notes that "[l]aw enforcement use of applications will significantly expand the reach of what law enforcement can see, and also provide a more surreptitious viewing ability."

Please find his post here.

Ars Technica reports:

"Texas native Cathryn Elaine Harris has filed a lawsuit against Blockbuster, alleging that the company is actively and knowingly violating the Video Privacy Protection Act by reporting users' activities back to Facebook. The suit seeks to be certified as a class action, and asks that Blockbuster pay out $2,500 per incident in which it disclosed personally identifiable information."