Finding Location… Giving Location

60962456Think your cell phone location is private? Think again…

Privacy advocates took a major blow this week with a 4th Circuit Court of Appeals 12-3 ruling on cell phone location data. The decision out of Virginia upheld that consumers have “no reasonable expectation of privacy” because the information is ‘willingly given’. In other words, because you ‘agree’ to use your location in cell phone services and apps, that information can be collected and used without a warrant.

The Fourth Amendment to the U.S. Constitution protects personal privacy and the right to be free from ‘unreasonable government intrusion’ into their persons, homes, businesses, and property. The “search and seizure” protections require law enforcement agencies to obtain a warrant from the court to so intrude, with an exception – the “third-party doctrine”.

Under this legal theory, consumers who knowingly and willingly surrender information to third-parties have “no reasonable expectation of privacy” in the information provided – regardless of how much information there is, or how revealing it may be. Research clearly shows that cell-site location data collected over time can reveal significant personal information — including where you live, where you work, when you travel, who you meet with, and who you sleep with. So when do you willingly surrender that data? … More often than you think.

Unfortunately, technological growth outpaces the law. As our society becomes more and more dependent on the technology we use, and we grow more numb and complacent to the services required for that use, an increasing burden is placed on our legal system to keep up and evolve. In the meantime, consumers must remain vigilant in understanding what rights and protections they sign away for the conveniences provided.


Employers Don’t Make Good Social Media Friends

Your Right to Say “No”

Privacy Needs

Do you know everyone you’re “friends” with online? Is your employer one of them? If so – did they force it on you?

In 2012, Maryland became the first state to implement social media privacy laws in respect to employment. Bill 433, implemented by then-Governor Martin O’Malley, prohibited employers from requesting or requiring an employee or job applicant to disclose their username or password to access a social networking account. Since then, 21 other states have enacted their own legislation – with Delaware most recently adding itself to the list on August 7, 2015.

There are always complications for employers on the value social media might bring in screening prospective hires, and even to investigate misconduct by current employees (like seeing an employee out on disability leave playing basketball with his friends at the park). But without express protection against accessing that information, employers have (for the most part) been free to require they be given access.

Not so anymore. At least, not everywhere. But, still, not in all regards.

Delaware’s new law is a prime example of the shift towards protection, while still leaving much to be desired. Governor Jack Markell’s legislation, House Bill 109, aims to prohibit employers from requiring employees or applicants provide access to their personal social media accounts – – either by sharing passwords, or by logging-in for the employer to take a look (aka “shoulder surfing”).

Arguably, this may prohibit employers from requesting anonymous user ID’s,  like your Twitter handle. But specifically, the bill prohibits:

  • disclosing a username or password for the purpose of allowing the employer to access personal social media;
  • accessing personal social media in the presence of the employer;
  • using personal social media as a condition of employment;
  • divulging any personal social media (except as otherwise permitted by the new law);
  • adding a person, including the employer, to the contacts list;
  • inviting or accepting an invitation from any person, including the employer, to join a group associated with the prospective or current employee’s personal social media; or
  • altering settings on the prospective or current employee’s personal social media that affect a third party’s ability to view the contents of the medium.

Although fairly broad in its coverage (including using non-employer 3rd persons to access it on their behalf, as a conduit), the law is not unlimited. And, in fact, there are a number of loopholes. It would still be ok to permit:

  • accessing, using, or viewing information about a prospective or current employee available in the public domain;
  • using personnel policies to require an employee give access to social media accounts “reasonably believed to be relevant” to an investigation of alleged employee misconduct;
  • providing access to accounts paid for and/or provided by the employer; and
  • accessing, blocking, or monitoring activity on an employer’s network.

In other words, be careful about what you post and where.

Seems intuitive, right? Well, tell that to every user who complains about privacy and then posts their most intimate life details on Twitter and Facebook. If you want to really protect your privacy – just don’t share it!

Facebook Faces Off on its Face Recognition

Smile for the camera – they know it’s you!

Facebook AddictionEvery day, social media becomes more and more integrated into our culture and the way communication spreads. From status updates keeping you apprised of a high school friend’s travel plans or love life, to debates on the latest political or entertainment news, young kids and the elderly alike are turning to platforms like Facebook on a daily basis.

But where does that information go? For how long? Is that data being kept to build its own profile on “YOU”? … Did you agree to it?

In a subtle change to its tech offerings, Facebook and other similar platforms have integrated facial recognition software into their user interface. That is, if you post a photo, the biometrics (‘unique features and identifiers’) of each face are tracked, stored, and automatically associated with the person(s) targeted. That association, while saving time in having to ‘tag’ each and every friend, is now also under scrutiny for its commercial use without consent.

A number of class action lawsuits have recently been filed in Illinois against Facebook and Shutterfly for the the unlawful and improper collection of such biometric data. These claims, testing the limits of a new Illinois privacy law, are founded on the requirement that each person must have knowledge of and consent in writing to the collection of such information, the specific purpose for its collection, and the length of time it will be stored. Illinois’ Biometric Information Privacy Act, 740 ILCS 14 (West). In other words, before sites like Facebook go ahead and track or use the data, they better be sure YOU are sure, that you know they’re doing it, and that it’s fine by you.

With millions of people now actively using Facebook and other similar social media sites, it’s scary to think just how large a collection of biometric data has already been stored. And, with the increasing number of security breaches and hacks into online databases (remember this?), it’s even scarier to think who might have access to that information.

At the end of the day, the NSA really doesn’t hold a candle to what’s been going on right under your digital-nose.