Twitter Privacy Challenge Sealed by Court

Posted on December 30, 2011 by Peter S. Vogel

A Judge in Boston sealed the court records after a brief hearing challenging the District Attorney’s subpoena to Twitter to get the identity of certain accounts. The American Civil Liberties Union challenged the subpoena and was very disappointed in the sealing of the records.  

The New York Times reported

The police in Boston and the Suffolk County district attorney issued the subpoena in an effort to get information about the Twitter account @P0isAn0N and other activity on the social network related to the Occupy Boston protests. The owner of the @P0isAn0N account had also linked to personal information about Boston police officers that had been stolen in a hacking attack. 

However the subpoena also requested of the identity of Guido Fawkes, well-known British blogger named Paul Staines who by all accounts was not involved with Occupy Boston. Whoever issued the subpoena apparently did not understand the difference between hashtag and an account. Here’s the list of names in the subpoena:

Guido Fawkes
@p0isAn0N
@OccupyBoston
#BostonPD
#d0xcak3

Since Twitter lost a similar battle over anonymity over WikiLeaks it will be interesting to see how this court action plays out.

Tags: ,

Lawsuit - Are Twitter Followers a Protectable Customer List?

Posted on December 26, 2011 by Peter S. Vogel

Phonedog.com sued a former employee for theft of their customer list when his 17,000 Twitter followers went to his new Twitter name after he quit. The New York Times reported that Noah Kravitz was a writer for Phonedog.com which "is a highly interactive mobile news and reviews resource that attracts a community of more than 2.5 million unique visitors each month." Until Kravitz quit in October 2010 he had 17,000 Twitter followers for his Twitter name Phonedog_Noah, and when he left Phonedog agreed to let Kravitz keep the Twitter name in exchange for his agreement that he would post Tweets for Phonedog from time to time.

Kravitz change his Twitter name to NoahKravitz and the 17,000 followers went with him. 8 months later Phonedog.com sued Kravitz “saying the Twitter list was a customer list, and seeking damages of $2.50 a month per follower for eight months, for a total of $340,000.”

How can Phonedog.com claim that followers of Twitter is a customer list which can be protected under trade secret laws? In order to be a trade secret in the US a company must be able to prove that the secret gives a company a particular business advantage and the owner has properly protected the trade secret.

Here Phonedog.com is asserting that Twitter followers are customer list (a trade secret), however the details about Twitter followers identity are stored on Twitter. Twitter’s Terms of Service do not obligate Twitter to keep any information secret. As a matter of fact, if you search the Twitter Terms of Service the word “secret” is nowhere to be found.

This will be an interesting case to watch, but since 95% of all lawsuits settle without trial it is most likely the parties will settle the dispute and the Courts will not rule on this novel trade secret claim.

How could the facts in this lawsuit affect you and your Social Media activity?
 

Tags: , ,

Court Orders Plaintiff to Share Facebook Login Info with Defendant

Posted on December 22, 2011 by Peter S. Vogel

A court recently ordered an accident victim to provide her “Facebook username email and password” to a defendant in an auto accident lawsuit. After a chain-reaction auto accident Jessica Largent and her husband sued Jessica Reed Rosko for negligence that led to serious and permanent physical damages, and loss of consortium. (Keith Largent and Jennifer Largent v. Jessica Reed et al, Civil Action –Law No. 2009-1823, Court of Common Pleas, 39th Judicial District, Franklin County, Pennsylvania). 

Ms. Largent testified at her deposition that she had a Facebook profile which she used to regularly play a game called FrontierVille. As a result Ms. Rosko filed a motion to gain access to Ms. Largent’s Facebook profile and on November 7, 2011 Pennsylvania State Judge Richard J. Walsh granted the motion and issued this Order:

…Plaintiff Jennifer Largent shall turn over to Defense counsel her username email and password within 14 days of this Order. Plaintiff shall not delete or otherwise erase any information on her Facebook account. After 35 days from the date of this Order, Plaintiff may change her Facebook login to prevent further access by Defense counsel.

This is not the first time Facebook login information has been ordered disclosed to adverse parties, and given the continued growth in Social Media activity we will see more of these types of orders in the future.

Tags: ,

Privacy Update - Carrier IQ Goes to Washington

Posted on December 15, 2011 by Peter S. Vogel

 Earlier this week Carrier IQ representatives met with officials at the FTC, FCC, and with the staff of a number of Senators. For more details about Carrier IQ please read my eCommerce Times column “Carrier IQ and the US' Escalating Privacy Risk Level.”

The Washington Post reported that Carrier IQ Andrew Coward (senior vice president for marketing) said “This week Carrier IQ sought meetings with the FTC and FCC to educate the two agencies . . . and answer any and all question”…but he was “not aware of an official investigation.” As well, the scope of the privacy controversy has enlarged. In addition to class action lawsuits against Carrier IQ other class-actions have been filed against AT&T, Sprint Nextel, Apple, T-Mobile USA, HTC, Samsung, and Motorola.

Stay tuned for more about Carrier IQ and privacy.

Tags: , , ,

Privacy Update at Google and Microsoft

Posted on December 13, 2011 by Peter S. Vogel

Google has a team of 60 engineers, & Microsoft has 40 people, fully devoted to avoiding violation of privacy laws in the US and around the world. At a recent legal seminar executives from Google and Microsoft described how many resources they devote to privacy law compliance.

Google’s senior privacy attorney Keith Enright said that the Google team of 60 engineers “work on developing products and then the legal team steps in to examine them.” As well, Google employs Anne Toth (former Yahoo! Chief Trust Officer) to oversee privacy for Google+. 

In addition to the 40 Microsoft employees dedicated to privacy full time, Microsoft also has another 400 people who spend time on privacy law compliance.

Although the US privacy laws are generally managed by the Federal Trade Commission (FTC), there is not a single privacy law like the 1995 EU Data Directive. However a recent NY Times report indicated that it may be time to harmonize the privacy laws in the EU since the now very old 1995 privacy laws do not seem to apply well as the Internet and Social Media in 2011. 

No surprise that Google and Microsoft want to avoid the sort of problems that led to the FTC’s 20 year monitoring of Google for its failure to manage privacy with its Social Media Buzz, and the FTC’s proposed 20 year monitoring of privacy compliance of Facebook.

What is your organization doing to comply with privacy laws? When was the last time you look at the privacy policies on your website?
 

Tags:

Google Disclaims Any Relation with Carrier IQ

Posted on December 9, 2011 by Peter S. Vogel

Although Google's Android smartphone operating system has been associated with Carrier IQ, Eric Schmidt (Google's Executive Chairman) told an Internet freedom conference in the Dutch city of The Hague about Carrier IQ that "It's a key-logger, and it actually does keep your keystrokes, and we certainly don't work with them and we certainly don't support it." Reuters reported that Schmidt also said "Android is an open platform, so it's possible for people to build software that's actually not very good for you, and this appears to be one."

You might want to look at Carrier IQ’s website since it has a running log of the number of handsets currently deployed at the moment this blog is written was “141,422,528” and increasing at a rate of 67 handsets per minute (based on my iPhone stop watch). That translates to an amazing increase of 96,480 handsets per day!  Can that really be true?

Carrier IQ’s front page still states that:

Carrier IQ is the leading provider of Mobile Service Intelligent Solution to the Wireless Industry. As the only embedded analytics company to support millions of devices simultaneously, we give Wireless Carriers and Handset Manufacturers unprecedented insight into their customers’ mobile experience.

Seems like status quo for Carrier IQ, but the number of handset appears to be growing very quickly, and Carrier IQ’s response to Senator Franken will be interesting.

What do you think about Carrier IQ?
 

Tags: , , ,

Carrier IQ Captures Cell and Internet Usage from Millions without Approval

Posted on December 5, 2011 by Peter S. Vogel

A researcher recently found that Carrier IQ software is secretly installed on most modern Android, BlackBerry, and Nokia phones. Android developer’s Trevor Eckert’s 17 minute video demonstrates how that Carrier IQ software is loaded on his phone, cannot be disabled, tracks every keystroke, and sends the data to Carrier IQ.  After receiving this massive data from millions of cell users, Carrier IQ "correlates and aggregates the data for near real-time system monitoring and business intelligence" for phone carriers and manufacturers ostensibily to improve quality.

Eckert demonstrated that Carrier IQ software was logging and potentially transmitting the sensitive information of consumers, including:

  • when they turn their phones on;
  • when they turn their phones off;
  • the phone numbers they dial;
  • the contents of text messages they receive;
  • the URLs of the websites they visit;
  • the contents of their online search queries—even when those searches are encrypted; and
  • the location of the customer using the smartphone—even when the customer has expressly denied permission for an app that is currently running to access his or her location.

As a result Representative Edward Markey (D-Mass.), co-Chair of the Congressional Bi-Partisan Privacy Caucus, sent a letter to the Federal Trade Commission  asking what is being done to investigate.

In addition to Representative Markey’s letter, Senator Al Franken (chairman of the Subcommittee on Privacy, Technology, and the Law) sent his own letter to Carrier IQ which included the following:

I am very concerned by recent reports that your company's software - pre-installed on smartphones used by millions of Americans - is logging and may be transmitting extraordinarily sensitive information from consumers' phones ... It also appears that an average user would have no way to know that this software is running - and that when the user finds out, he or she will have no reasonable means to remove or stop it. ... These actions may violate federal privacy laws, including the Electronic Communications Privacy Act and the Computer Fraud and Abuse Act. This is potentially a very serious matter.

Senator Franken requested that Carrier IQ answer by December 14, 2011.

On December 1, 2011 Carrier IQ issued a press release in which Carrier IQ stated that consumer’s privacy is protected:

Consumers have a trusted relationship with operators and expect their personal information and privacy to be respected. As a condition of its contracts with operators, Carrier IQ operates exclusively within that framework and under the laws of the applicable jurisdiction. The data we gather is transmitted over an encrypted channel and secured within our customers’ networks or in our audited and customer-approved facilities.

Actually Carrier IQ claimed that “Our software makes your phone better by delivering intelligence on the performance of mobile devices and networks to help the operators provide optimal service efficiency.”

This is alarming news and it seems to me we all expect our government to step in to protect consumers’ privacy which seems has been seriously compromised! 

Tags: , ,

Facebook Confesses Failure to Comply with Privacy Laws

Posted on December 1, 2011 by Peter S. Vogel

After the US government filed charges that Facebook violated US privacy law, Facebook finally confessed that it failed to protect the privacy of its 800 million active users. The Federal Trade Commission (FTC) welcomes the public to submit comments on the settlement through December 30, 2011.

Under the proposed consent order, which does not include any fines, Facebook is:

barred from making misrepresentations about the privacy or security of consumers' personal information;

required to obtain consumers' affirmative express consent before enacting changes that override their privacy preferences;

required to prevent anyone from accessing a user's material more than 30 days after the user has deleted his or her account;

required to establish and maintain a comprehensive privacy program designed to address privacy risks associated with the development and management of new and existing products and services, and to protect the privacy and confidentiality of consumers' information; and

required, within 180 days, and every two years after that for the next 20 years, to obtain independent, third-party audits certifying that it has a privacy program in place that meets or exceeds the requirements of the FTC order, and to ensure that the privacy of consumers' information is protected.

The Facebook user community surely welcomes these commitments to comply with privacy laws, and it’s good to see that FTC will monitor Facebook’s privacy compliance for the next 20 years. The 20 year privacy monitoring is similar to the FTC’s agreement for Google to protect privacy after Google’s social media disaster with Buzz.

However, time will tell if the FTC can really police social media privacy, so it would be wise for social media users to protect their own privacy.
 

Tags: , , ,