Albert Gidari's blog

This blogpost was first published by me on May 22, 2020, as a series of Tweets on manual contact tracing and privacy risks. Many privacy advocates initally opposed using technology like bluetooth exposure notification applications to fight the spread of COVID-19, arguing instead that manual contact tracing works better; that it is "tried & true" and has none of the privacy concerns that applications raise. Read more about Manual Contact Tracing Has Privacy Issues

I’ve written here, here, here about the intercep Read more about Can the US-UK CLOUD Act Agreement be Fixed?

I’ve written here, here and here about the inter Read more about Transparency Reporting After the Cloud Act - It's Time for a Refresh

In my first blog post on the CLOUD Act and US-UK Agreement, I noted that the wiretap provision of the CLOUD Act - as opposed to the stored content provisions resolving the Microsoft Ireland case - hardly had been discussed, but it was sure to raise concerns in those third countries where users were targeted by US or UK law enforcement. Read more about More Questions about the CLOUD Act and the US-UK Agreement - Can the US direct UK Providers to Wiretap their Users in Third Countries?

My blog post on the big interception flaw in the CLOUD Act and US-UK Agreement generated some interesting responses, mostly offline, arguing that it is legal for the US or UK to use providers in their countries to wiretap users in third countries without the consent or knowledge of the third country. Read more about US and UK CLOUD Act Wiretapping in Third Countries: It Is a Real Problem

On October 3, 2019, the United States and the United Kingdom entered into a first-of-its-kind executive agreement under the CLOUD Act. Read more about The Big Interception Flaw in the US-UK Cloud Act Agreement

So it seems that the Microsoft Ireland case at the Supreme Court will end with a whimper. Both the Department of Justice and Microsoft agree that the case is moot and should be dismissed due to the passage of the Clarifying Lawful Overseas Use of Data Act or “CLOUD Act.” DoJ told the Court that it has procured a warrant under new section 2713 of the Stored Communications Act. Read more about What will Microsoft and Ireland do with the new CLOUD Act warrant?

An enormous amount of attention has been paid to the oral argument before the Supreme Court in Carpenter v. United States. The transcript provides tantalizing tea leaves as to whether the Court will find a protectable right to privacy in a cell phone subscriber’s location and many pundits seem to think the day went to Carpenter while I haven’t heard anyone touting a government homerun. Read more about The Practical Impact of Carpenter v. United States

Last month, the Supreme Court of California may have decided the future of the public's access to "smart city" data without knowing it. In ACLU v Los Angeles Police Department, the court accepted that raw data collected by Los Angeles police and sheriff departments, using automated licence plate readers (ALPRs), constituted a public record subject to disclosure under California's Public Records Act (CPRA) absent an exemption. The court held that the catch-all disclosure exemption in the CPRA applied, which requires balancing the public interest in preventing disclosure where certain harms can be identified against the public interest served by disclosure such as furthering the public's understanding of the privacy risks of the ALPR program. Read more about Public Access to Smart Data

If your cell phone is on, your location is known, tracked and recorded, whether you are in your home or in public. As you move around, your location history is created and stored by the carrier, numerous applications on the device, and potentially even the manufacturer of the device or operating system provider. Your consent to capture this information, whether rough location or very granular,  may be tacit, inherent in the application’s usage, or freely given when you activate, install or operate the device. Read more about Why is the Internet Like a Cell Phone? Carpenter v. U.S

The House Judiciary Committee held a hearing yesterday on cross-border data requests, featuring testimony from the Department of Justice, the U.K. government, Google, the Center for Democracy and Technology, state law enforcement, and Professor Andrew Woods. Everyone recognizes the problem: law enforcement outside the U.S. can’t get data for their legitimate investigations from U.S. Read more about The Cross-Border Data Fix: It’s Not So Simple

No one wants to live in a “dumb” city.  But I question whether anyone ought to want to live in a really smart city either.  I’d prefer to just live in a smarter city -- one that puts my privacy and security first before rolling out ubiquitous sensors and broad-scale data collection in the name of some larger public good. Read more about "Smart Cities" Are Too Smart for Your Privacy

I have been writing for some time about the huge discrepancy between the number of wiretaps reported annually by the Administrative Office (AO) of the US Courts and the numbers reported by phone companies and online service providers in their transparency reports. It never occurred to me that the AO might be at fault for some of the apparent under-reporting of wiretaps. Read more about Wiretap Reports Not So Transparent

I submitted comments this week to the New York City Taxi and Limousine Commission as the Director of Privacy at the Center for Internet and Society (CIS). The emergence of new transportation networks and platforms certainly presents privacy challenges and the private companies in these emerging markets certainly have had their share of privacy mis-steps. Read more about Should Government Agencies Know Precisely Where You Get Picked Up and Dropped Off?