La réunion de Public Voice, organisée aujourd’hui à Jérusalem sur le thème Next Generation Privacy Challenges and Opportunities, a été l’occasion de rappeler comment les autres pays considèrent le droit à la vie privée et le droit à la protection des données personnelles.
Le débat Establishing International Frameworks for Privacy Protection a permis aux participants et aux auditeurs d’en apprendre plus sur ce sujet.
Rappelons simplement qu’en France le droit à la vie privée est considéré comme un droit de l’homme. Le Conseil constitutionnel, dans sa décision n. 99-416 DC du 23 juillet 1999 a précisé que le droit à la liberté proclamé par l'article 2 de la Déclaration des droits de l'homme et du citoyen implique le respect de la vie privée. L’article 1er de la loi du 6 janvier 1978 rappelle que l’informatique ne doit porter atteinte, ni à l’ídentité humaine, ni aux droits de l’homme, ni à la vie privée, ni aux libertés fondamentales ou publiques.
La directive 95/46 donne aux États membres le devoir d’assurer « la protection des libertés et droits fondamentaux des personnes physiques, notamment dans leur vie privée, à l’égard du traitement des données à caractère personnel ». Marie-Hélène Boulanger, Chef d’unité « protection des données » à la Commission européenne, a d’ailleurs rappelé aujourd'hui que ces lois ne distinguaient pas le sujet citoyen de l’Union européenne du sujet non citoyen.
Kirsten Bock, de l’autorité administrative indépendante de protection des donnés personnelles du Schleswig-Holstein, a évoqué la possibilité d’un privacy seal européen , alors que, selon elle, le droit de l’Union Européenne en matière de protection des données personnelles est dépassé et doit être mis à jour. Il faudra donner plus de pouvoirs aux organisations non-gouvernementales de défense des droits de l’homme.
Rajan R. Gandhi, un représentant de Society in Action Group, une ONG indienne, a rappelé qu’en Inde le droit à la vie privée est considéré comme un droit de l’homme. Si les données personnelles sont détournées de leur emploi, ce détournement est considéré comme un abus dans la confiance du sujet. La société indienne accorde en effet beaucoup d’importance à la confiance. Pourtant, les intrusions dans la vie privée des Indiens sont de plus en plus fréquentes, et l’Inde n’a pas, au contraire de l’Europe, des lois permettant la protection des données personnelles et de la vie privée des citoyens. L’Inde considère que la violation de la vie privée est une violation d’un droit de l’homme.
Un projet, Digital Privacy in Asia , lancé à l’initiative de The International Development Research Centre, une ONG canadienne, doit permettre aux Indiens, les chercheurs et le grand public, de se familiariser avec les différents moyens généraux de protéger la vie privée, afin d’ouvrir le débat.
Merci à tous les participants qui ont suivi la conférence sur Twitter et posté leurs notes avec le hashtag #thepublicvoice !
Monday, October 25, 2010
"Emerging Privacy Issue": Les Compteurs Intelligents
Michiel Karskens a présenté aujourd’hui à la réunion organisée par The Public Voice « Next Generation Privacy Challenges and Opportunities », les dangers que les compteurs intelligents peuvent présenter pour la vie privée.
Ces compteurs intelligents permettent de surveiller avec une grande précision la consommation électrique d’un foyer, ou bien sa consommation de gaz ou d’eau. Pratique ? Certes. Ces compteurs permettent de connaître précisément quels sont les appareils les plus gourmands, et ce presque en temps réel (souvent de demi-heure en demi heure). Les compteurs intelligents peuvent ainsi nous permettent à la fois de faire des économies et d’adopter des habitudes de consommation plus écologiques.
Mais ces compteurs intelligents peuvent représenter un nouveau danger pour la vie privée des consommateurs. Le fournisseur d’énergie va pouvoir déduire de la somme d’informations précises sur la consommation d’un ménage des informations d’ordre privé, le nombre d’habitants au foyer, leurs âges, et leurs habitudes. Nous sommes de gros consommateurs d’énergie, et nos besoins trahissent notre parcours dans le foyer, du salon à la chambre à coucher, l’heure de notre diner, nos habitudes hygiéniques (combien de douches par jour ?) et l’heure de notre coucher (télévision ou bien livre avant d’aller dormir ?) Sommes- nous insomniaques ? Sommes-nous gourmands ? Le compteur intelligent le sait.
Qui pourrait avoir accès à ces données ? Combien de temps ces donnés seraient-elles conservées ? Sommes-nous prêts à échanger les avantages des compteurs intelligents contre l’inconvénient de divulguer encore plus notre vie privée ? Le débat s’est déjà engagé aux États-Unis, mais il est encore très timide en France. A nous de nous y engager.
La réunion se poursuit, et peut être suivie en streaming ici.
Ces compteurs intelligents permettent de surveiller avec une grande précision la consommation électrique d’un foyer, ou bien sa consommation de gaz ou d’eau. Pratique ? Certes. Ces compteurs permettent de connaître précisément quels sont les appareils les plus gourmands, et ce presque en temps réel (souvent de demi-heure en demi heure). Les compteurs intelligents peuvent ainsi nous permettent à la fois de faire des économies et d’adopter des habitudes de consommation plus écologiques.
Mais ces compteurs intelligents peuvent représenter un nouveau danger pour la vie privée des consommateurs. Le fournisseur d’énergie va pouvoir déduire de la somme d’informations précises sur la consommation d’un ménage des informations d’ordre privé, le nombre d’habitants au foyer, leurs âges, et leurs habitudes. Nous sommes de gros consommateurs d’énergie, et nos besoins trahissent notre parcours dans le foyer, du salon à la chambre à coucher, l’heure de notre diner, nos habitudes hygiéniques (combien de douches par jour ?) et l’heure de notre coucher (télévision ou bien livre avant d’aller dormir ?) Sommes- nous insomniaques ? Sommes-nous gourmands ? Le compteur intelligent le sait.
Qui pourrait avoir accès à ces données ? Combien de temps ces donnés seraient-elles conservées ? Sommes-nous prêts à échanger les avantages des compteurs intelligents contre l’inconvénient de divulguer encore plus notre vie privée ? Le débat s’est déjà engagé aux États-Unis, mais il est encore très timide en France. A nous de nous y engager.
La réunion se poursuit, et peut être suivie en streaming ici.
Friday, September 24, 2010
Email, Cloud, Privacy and the ECPA
Congress passed the Electronic Communications Privacy Act (ECPA) in 1986. This federal law is comprised of three different Acts: the Wiretap Act, amending Title III of the Omnibus Crime Control and Safe Street Act of 1968, the Stored Communication Act (SCA), and the Pen Register Act.
It is now time to reform the ECPA, and this reform is on Congress’ agenda. The House of Representative Committee on the Judiciary, Subcommittee on the Constitution, Civil Rights, and Civil Liberties, heard testimonies on September 23 regarding “ECPA Reform and the Revolution in Cloud Computing.”
The Fourth Amendment of the United States Constitution guarantees the “right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures.” The Supreme Court held in Katz v. United States, that the government cannot eavesdrop on telephone communications held in a place where one has an actual (subjective) expectation of privacy that society is prepared to recognize as reasonable (J.Harlan, concurring).The Court noted that it had emphasized “over and again… that the mandate of the [Fourth] Amendment requires adherence to judicial processes, and that searches conducted outside the judicial process, without prior approval by judge or magistrate, are per se unreasonable under the Fourth Amendment subject only to a few specifically established and well-delineated exceptions…” Indeed, pursuant to the Fourth Amendment, warrants may only be issued upon probable cause, and must “particularly describe the place to be searched, and the persons or things to be seized.”
In Berger v. New York, the Supreme Court emphasized that “the need for particularity and evidence of reliability in the showing required when judicial authorization of a search is sought is especially great in the case of eavesdropping. By its very nature eavesdropping involves an intrusion on privacy that is broad in scope…”
Enacted after Katz and Berger, Title III of the Omnibus Crime Control and Safe Streets Act of 1968 (the “Wiretap Act”), as amended in 1986 by the ECPA, defines electronic communication as “any transfer of signs, signals, writing, images, sounds, data, or intelligence of any nature transmitted in whole or in part by a wire, radio, electromagnetic, photoelectronic or photooptical system that affects interstate or foreign commerce, but does not include — (A) any wire or oral communication.”18. U.S.C. §2510(12) Electronic storage is defined as “(A) any temporary, intermediate storage of a wire or electronic communication incidental to the electronic transmission thereof; and (B) any storage of such communication by an electronic communication service for purposes of backup protection of such communication.” 18. U.S.C. §2510(17)
The ECPA was enacted in 1986 to set a "fair balance between the privacy expectations of American citizens and the legitimate needs of law enforcement agencies." (Senate Report No. 99-541, 99th Cong., 2d Sess. 5 (1986). At this time, only a few Americans had heard about the Internet. Storing data was expensive. In his testimony, Richard Salgado, Google’s Senior Counsel, Law Enforcement and Information Security, noted that it took $650 in 1986 to buy a 10 megabyte hard drive with room to store “about two high resolutions photos”, whereas today it will cost less than $100 to buy a 1.5 terabyte hard drive !
Data was not tucked in a cloud. A Gartner survey showed this month that cloud-computing services represents in 2010 10 percent of spending on external IT services. A Pew Research Center survey revealed in 2008 that 69% of only Americans store data online or use a web-based software application.
New technologies, new privacy challenges. In his testimony, Michael Hintze, Microsoft Associate General Counsel, argued that the ECPA, since having been enacted in to law in 1986, has failed to keep pace with technology. He took the example of the difference made by the ECPA between emails stored for less than 180 days and those stored for more than 180 days, and concluded that this distinction no longer makes any sense.
Indeed, the SCA, as codified at 18. U.S.C. §2703 (a), allows the government to require the disclosure by an electronic communication service provider of the contents of a wire or electronic communication that is in electronic storage in an electronic communications system for 180 days or less, but only if the government first obtains a federal or state court-issued warrant. If the data has been in storage for more than 180 days, the government can require the provider to disclose the data without prior notice to the subscriber or customer if it first obtains a federal or state court-issued warrant. If the government provides prior notice to the subscriber or customer, the government must still obtain (i) an administrative subpoena authorized by a Federal or State statute or a Federal or State grand jury or trial subpoena; or (ii) obtain a court order for such disclosure. 18. U.S.C. §2703 (b)
Therefore the ECPA provides more protection for emails stored for less than 180 days, than for emails stored for more than 180 days. That made sense in 1986, when storing data was extremely costly, but we are now living in a world where some of us keep emails for months, sometime years, tucked in the cloud. Should the privacy of these emails be less protected than when they were first arrived in our mailboxes?
The first version of Microsoft Exchange was released in 1996. The user was able to download emails from a server to a local machine. One could then conceive that an email which had not been downloaded after 180 days had been abandoned by the recipient, and thus had no expectation of privacy in the message. However, Hotmail, offered for the first time in 1997, stored emails in the cloud. The cloud retained the message even after its intended recipient had read it. Yet, data storing capacity was still limited in 1997, but it is no longer the case. Mr. Hintze concludes that users reasonably expect their data to be as private on day 181 as it is on day 179. It is hard to disagree with that statement.
A coalition of companies and non-profit organizations, the Digital Due Process Coalition, has also been advocating SCA reform. Members of the coalition include among others, the American Civil Liberties Union, the Center for Democracy and Technology, the Electronic Frontier Foundation, Google, Microsoft, IBM, and AT&T.
The coalition recommends the Act to be reformed so that the government could only require electronic communications providers to give it access to the non-public content of communications if producing a search warrant based on probable cause, and this “regardless of the age of the communication, the means or status of its storage or the provider’s access to or use of the content in its business operations.” (see p. 5 of Becky Burr, ECPA: PRINCIPLES FOR REFORM)
It is now time to reform the ECPA, and this reform is on Congress’ agenda. The House of Representative Committee on the Judiciary, Subcommittee on the Constitution, Civil Rights, and Civil Liberties, heard testimonies on September 23 regarding “ECPA Reform and the Revolution in Cloud Computing.”
The Fourth Amendment of the United States Constitution guarantees the “right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures.” The Supreme Court held in Katz v. United States, that the government cannot eavesdrop on telephone communications held in a place where one has an actual (subjective) expectation of privacy that society is prepared to recognize as reasonable (J.Harlan, concurring).The Court noted that it had emphasized “over and again… that the mandate of the [Fourth] Amendment requires adherence to judicial processes, and that searches conducted outside the judicial process, without prior approval by judge or magistrate, are per se unreasonable under the Fourth Amendment subject only to a few specifically established and well-delineated exceptions…” Indeed, pursuant to the Fourth Amendment, warrants may only be issued upon probable cause, and must “particularly describe the place to be searched, and the persons or things to be seized.”
In Berger v. New York, the Supreme Court emphasized that “the need for particularity and evidence of reliability in the showing required when judicial authorization of a search is sought is especially great in the case of eavesdropping. By its very nature eavesdropping involves an intrusion on privacy that is broad in scope…”
Enacted after Katz and Berger, Title III of the Omnibus Crime Control and Safe Streets Act of 1968 (the “Wiretap Act”), as amended in 1986 by the ECPA, defines electronic communication as “any transfer of signs, signals, writing, images, sounds, data, or intelligence of any nature transmitted in whole or in part by a wire, radio, electromagnetic, photoelectronic or photooptical system that affects interstate or foreign commerce, but does not include — (A) any wire or oral communication.”18. U.S.C. §2510(12) Electronic storage is defined as “(A) any temporary, intermediate storage of a wire or electronic communication incidental to the electronic transmission thereof; and (B) any storage of such communication by an electronic communication service for purposes of backup protection of such communication.” 18. U.S.C. §2510(17)
The ECPA was enacted in 1986 to set a "fair balance between the privacy expectations of American citizens and the legitimate needs of law enforcement agencies." (Senate Report No. 99-541, 99th Cong., 2d Sess. 5 (1986). At this time, only a few Americans had heard about the Internet. Storing data was expensive. In his testimony, Richard Salgado, Google’s Senior Counsel, Law Enforcement and Information Security, noted that it took $650 in 1986 to buy a 10 megabyte hard drive with room to store “about two high resolutions photos”, whereas today it will cost less than $100 to buy a 1.5 terabyte hard drive !
Data was not tucked in a cloud. A Gartner survey showed this month that cloud-computing services represents in 2010 10 percent of spending on external IT services. A Pew Research Center survey revealed in 2008 that 69% of only Americans store data online or use a web-based software application.
New technologies, new privacy challenges. In his testimony, Michael Hintze, Microsoft Associate General Counsel, argued that the ECPA, since having been enacted in to law in 1986, has failed to keep pace with technology. He took the example of the difference made by the ECPA between emails stored for less than 180 days and those stored for more than 180 days, and concluded that this distinction no longer makes any sense.
Indeed, the SCA, as codified at 18. U.S.C. §2703 (a), allows the government to require the disclosure by an electronic communication service provider of the contents of a wire or electronic communication that is in electronic storage in an electronic communications system for 180 days or less, but only if the government first obtains a federal or state court-issued warrant. If the data has been in storage for more than 180 days, the government can require the provider to disclose the data without prior notice to the subscriber or customer if it first obtains a federal or state court-issued warrant. If the government provides prior notice to the subscriber or customer, the government must still obtain (i) an administrative subpoena authorized by a Federal or State statute or a Federal or State grand jury or trial subpoena; or (ii) obtain a court order for such disclosure. 18. U.S.C. §2703 (b)
Therefore the ECPA provides more protection for emails stored for less than 180 days, than for emails stored for more than 180 days. That made sense in 1986, when storing data was extremely costly, but we are now living in a world where some of us keep emails for months, sometime years, tucked in the cloud. Should the privacy of these emails be less protected than when they were first arrived in our mailboxes?
The first version of Microsoft Exchange was released in 1996. The user was able to download emails from a server to a local machine. One could then conceive that an email which had not been downloaded after 180 days had been abandoned by the recipient, and thus had no expectation of privacy in the message. However, Hotmail, offered for the first time in 1997, stored emails in the cloud. The cloud retained the message even after its intended recipient had read it. Yet, data storing capacity was still limited in 1997, but it is no longer the case. Mr. Hintze concludes that users reasonably expect their data to be as private on day 181 as it is on day 179. It is hard to disagree with that statement.
A coalition of companies and non-profit organizations, the Digital Due Process Coalition, has also been advocating SCA reform. Members of the coalition include among others, the American Civil Liberties Union, the Center for Democracy and Technology, the Electronic Frontier Foundation, Google, Microsoft, IBM, and AT&T.
The coalition recommends the Act to be reformed so that the government could only require electronic communications providers to give it access to the non-public content of communications if producing a search warrant based on probable cause, and this “regardless of the age of the communication, the means or status of its storage or the provider’s access to or use of the content in its business operations.” (see p. 5 of Becky Burr, ECPA: PRINCIPLES FOR REFORM)
Saturday, August 28, 2010
New Blog Post on the "Information Security Breaches & the Law" blog
This blog is a bit on hold right now, as I write more for the "Information Security Breaches & the Law" blog.
Latest blog post, written with Cédric Laurant: "Will France adopt a law requiring the notification of security breaches? "
Latest blog post, written with Cédric Laurant: "Will France adopt a law requiring the notification of security breaches? "
Friday, July 16, 2010
Second Circuit: The FCC indecency policy is unconstitutionally vague
The Second Circuit held on July 13 that the Federal Communications Commission‘s indecency policy “violates the First Amendment because it is unconstitutionally vague, creating a chilling effect that goes far beyond the fleeting expletives at issue here.”
In Fox Television Stations, Inc. v. FCC, 489 F.3d 444, (2d Cir. 2007), the Second Circuit had found that the Federal Communication Commission’s (“FCC”) policy banning fleeting expletive was arbitrary and capricious on three grounds under the Administrative Procedure Act (“APA”), 5 U.S.C. § 706(2)(A). First, the FCC had failed to explain why it had not previously banned such expletives as harmful. Second, such policy would require it to ban all broadcast of expletives, and by failing to do so, the FCC had undermined the coherence of its rationale. Thirdly, the Second Circuit was not convinced by the FCC argument that an exemption for fleeting expletives would then lead to a increased use of one-at-a-time expletives.
The Supreme Court did not find these arguments persuasive and reversed. Fox Television Stations, Inc. v. FCC, 129 S.Ct. 1800 (2009). A federal agency has the right, after all, to change its opinion: “the fact that an agency had a prior stance does not alone prevent it from changing its view or create a higher hurdle for doing so.” The Supreme Court noted that the FCC had always drawn distinctions between the offensiveness of some words, particularly taking their context into account. The Supreme Court sided with the FCC’s argument that a complete immunity for fleeting expletives would lead to their increase. The Supreme Court reversed and remanded for consideration of petitioner’s constitutional arguments.
The petition for review came on remand before the Second Circuit, and, on July 13, 2010, it vacated the FCC indecency policy because it is unconstitutionally vague.
What is the FCC’s indecency policy?
Section 1464 of Title 18 of United States Code provides that “[w]hoever utters any obscene, indecent, or profane language by means of radio communication shall be fined under this title or imprisoned not more than two years, or both.”
In 2001, the FCC published an indecency policy, the Industry Guidance, “to provide guidance to the broadcast industry regarding our case law interpreting 18 U.S.C. § 1464 and our enforcement policies with respect to broadcast indecency.” Material is indecent if it “describe[s] or depict[s] sexual or excretory organs or activities, and if the broadcast is “patently offensive as measured by contemporary community standards for the broadcast medium.”
The FCC also explained that it considered three factors to determine whether a broadcast is patently offensive:
(1) “the explicitness or graphic nature of the description or depiction;
(2) whether the material dwells on or repeats at length” the description or depiction; and
(3) whether the material appears to pander or is used to titillate, or whether the materials appears to have been presented for its shock value.”
On the difficulty to clean a Prada bag when soiled by cow excrement: fleeting expletives and the FCC
Nicole Ritchie explained during the 2003 Billboard Music Awards, broadcasted on Fox, that it is difficult to clean a Prada bag if soiled by cow excrement, but did so in somewhat different terms, with the help of both the F and the S words. A year earlier, Cher had used a solo expletive to comment on her receiving a Billboard Music Award. The FCC found Fox liable in both cases.
In 2004, the FCC declared for the first time, in the so-called Golden Globes Order, that an expletive use of the F-word and the S-word could be actionably indecent, even if the word is used only once, In re Complaints Against Various Broadcast Licensees Regarding Their Airing of the “Golden Globe Awards” Program, 19 FCC Rcd. 4975, 4976, n. 4 (2004.
Before this Order, an isolated or fleeting use of such words had not been considered indecent, and the FCC declared that “any such interpretation is no longer good law.” 19 FCC Rcd., at 4980. After it issued the Golden Globes Order, the FCC also started to fine broadcast licensees for indecency violations. It imposed $8 million in fines in 2004.
The 1978 Pacifica case
Indecent speech is protected by the First Amendment, unless it is obscene: “Where obscenity is not involved, …the fact that protected speech may be offensive to some does not justify its suppression.” Reno v. ACLU, 521 U.S. 844, 874-75 (1997).
In the Seventies, a father had complained to the FCC that George Carlin’s “Filthy Words” monologue, had been broadcast it in the afternoon and that he heard it while driving with his young son. In a declaratory order, Pacifica Foundation, 56 F.C.C. 2d 94, 98, the FCC defined indecent speech as “language that describes, in terms patently offensive as measured by contemporary community standards for the broadcast medium, sexual or excretory activities or organs, at times of the day when there is a reasonable risk that children may be in the audience.” 56 F.C.C. 2d, at 98. The FCC granted the father’s complaint, and held that Pacifica, the broadcaster, “could have been the subject of administrative sanctions.” 56 F.C.C. 2d 94,99.
A Court of Appeals reversed, and the Supreme Court held in FCC v. Pacifica Found., 438 U.S. 726 (1978), that indecent speech could be banned. However, the holding was very narrow.
Indecent speech could be banned because of two reasons, Pacifica, at 748-749, which the Second Circuit describes in its July 2010 ruling as “the twin pillars of pervasiveness and accessibility to children.”(our emphasis).
(1) the “uniquely pervasive presence” of the medium and
(2) the fact that the broadcasted program featuring such language is “uniquely accessible to children.”
The Supreme Court did not specify what level of scrutiny must be applied on broadcast speech.
Section 326 of the Federal Communication Act of 1934 prohibits censorship by the FCC, as it clearly states that the FCC has no power of censorship over radio communications, and that it cannot interfere with the right of free speech by means of radio communication. However, in Pacifica, the Supreme Court held that section 326 does not limit the FCC’s authority to sanction licensees engaging in obscene, indecent, or profane broadcasting. The FCC has the power to deprive a broadcaster of his license if the FCC decides that it would serve the public interest, convenience and necessity.
The FCC from then on interpreted Pacifica as permitting it to sanction indecent speech, whereas the broadcasters interpreted it, because of the narrowness of the holding, as setting limits to the power of the FCC by defining indecent speech only as speech having “shock value.”
Towards an overruling of Pacifica?
The Second Circuit was careful to state that they are bound by Supreme Court precedent, even though the world has changed since Pacifica: “The Supreme Court may decide in due course to overrule Pacifica and subject speech restrictions in the broadcast context to strict scrutiny.”
One of the arguments made by the Second Circuit in its July 2010 opinion is the fact that the media landscape has changed significantly since Pacifica. The Internet did not exist then, with its myriad of sites claiming our attention (the Second Circuit gives as examples Facebook, Twitter and Youtube). Cable television was “still in its infancy.” The Second Circuit, quoting Pacifica, argues that broadcast television no longer has that “uniquely pervasive presence in the lives of all Americans.”
Indeed, the “twin pillars” of Pacifica are shaking down.
First twin pillar broken: pervasiveness
Broadcast television is longer pervasive. It is just one of the many choices offered to us. The Second Circuit notes that 87% of households now subscribe to a cable or a satellite service, and that remote controls allow us to shift swiftly through channels. The Internet claims an important part of our attention as well.
Second twin pillar broken: accessibility to children
The Second Circuit also argued that, “as the FCC itself acknowledges, “[c]hildren today live in a media environment that is dramatically different from the one in which their parents and grandparents grew up decades ago.”” In the Matter of Empowering Parents and Protecting Children in an Evolving Media Landscape, 24 F.C.C. Rcd. 13171, at ¶ 11 (2009), for example, parents now have the power, thanks to the V-chip, to monitor which programs their children are watching on television.
The Second Circuit cited United States v. Playboy Entm't Group, 529 U.S. 803, 815(2000): “…targeted blocking enables the Government to support parental authority without affecting the First Amendment interests of speakers and willing listeners – listeners for whom, if the speech is unpopular or indecent, the privacy of their own homes may be the optimal place of receipt.
The FCC indecency policy is unconstitutional
The Second Circuit held that “the FCC indecency policy is unconstitutional because it is impermissibly vague.” A law or regulation is vague if it does not give a person of ordinary intelligence a reasonable opportunity to know what is prohibited.
The Second Circuit gave examples where the FCC had determined that “bullshit” was patently offensive, whereas “dickhead” was not. True, it is rather difficult to understand why one word would be deemed “vulgar, graphic and explicit,” but not the other one.
The Second Circuit also argued that, since the standards used by the FCC are “indiscernible,” there is a risk that they “will be enforced in a discriminatory manner.” However, the Second Circuit “ha[s] no reason to suspect that the FCC is using its indecency policy as a means of suppressing particular points of view.” The mere risk of subjectivity is a chill to speech protected by the First Amendment.
In Fox Television Stations, Inc. v. FCC, 489 F.3d 444, (2d Cir. 2007), the Second Circuit had found that the Federal Communication Commission’s (“FCC”) policy banning fleeting expletive was arbitrary and capricious on three grounds under the Administrative Procedure Act (“APA”), 5 U.S.C. § 706(2)(A). First, the FCC had failed to explain why it had not previously banned such expletives as harmful. Second, such policy would require it to ban all broadcast of expletives, and by failing to do so, the FCC had undermined the coherence of its rationale. Thirdly, the Second Circuit was not convinced by the FCC argument that an exemption for fleeting expletives would then lead to a increased use of one-at-a-time expletives.
The Supreme Court did not find these arguments persuasive and reversed. Fox Television Stations, Inc. v. FCC, 129 S.Ct. 1800 (2009). A federal agency has the right, after all, to change its opinion: “the fact that an agency had a prior stance does not alone prevent it from changing its view or create a higher hurdle for doing so.” The Supreme Court noted that the FCC had always drawn distinctions between the offensiveness of some words, particularly taking their context into account. The Supreme Court sided with the FCC’s argument that a complete immunity for fleeting expletives would lead to their increase. The Supreme Court reversed and remanded for consideration of petitioner’s constitutional arguments.
The petition for review came on remand before the Second Circuit, and, on July 13, 2010, it vacated the FCC indecency policy because it is unconstitutionally vague.
What is the FCC’s indecency policy?
Section 1464 of Title 18 of United States Code provides that “[w]hoever utters any obscene, indecent, or profane language by means of radio communication shall be fined under this title or imprisoned not more than two years, or both.”
In 2001, the FCC published an indecency policy, the Industry Guidance, “to provide guidance to the broadcast industry regarding our case law interpreting 18 U.S.C. § 1464 and our enforcement policies with respect to broadcast indecency.” Material is indecent if it “describe[s] or depict[s] sexual or excretory organs or activities, and if the broadcast is “patently offensive as measured by contemporary community standards for the broadcast medium.”
The FCC also explained that it considered three factors to determine whether a broadcast is patently offensive:
(1) “the explicitness or graphic nature of the description or depiction;
(2) whether the material dwells on or repeats at length” the description or depiction; and
(3) whether the material appears to pander or is used to titillate, or whether the materials appears to have been presented for its shock value.”
On the difficulty to clean a Prada bag when soiled by cow excrement: fleeting expletives and the FCC
Nicole Ritchie explained during the 2003 Billboard Music Awards, broadcasted on Fox, that it is difficult to clean a Prada bag if soiled by cow excrement, but did so in somewhat different terms, with the help of both the F and the S words. A year earlier, Cher had used a solo expletive to comment on her receiving a Billboard Music Award. The FCC found Fox liable in both cases.
In 2004, the FCC declared for the first time, in the so-called Golden Globes Order, that an expletive use of the F-word and the S-word could be actionably indecent, even if the word is used only once, In re Complaints Against Various Broadcast Licensees Regarding Their Airing of the “Golden Globe Awards” Program, 19 FCC Rcd. 4975, 4976, n. 4 (2004.
Before this Order, an isolated or fleeting use of such words had not been considered indecent, and the FCC declared that “any such interpretation is no longer good law.” 19 FCC Rcd., at 4980. After it issued the Golden Globes Order, the FCC also started to fine broadcast licensees for indecency violations. It imposed $8 million in fines in 2004.
The 1978 Pacifica case
Indecent speech is protected by the First Amendment, unless it is obscene: “Where obscenity is not involved, …the fact that protected speech may be offensive to some does not justify its suppression.” Reno v. ACLU, 521 U.S. 844, 874-75 (1997).
In the Seventies, a father had complained to the FCC that George Carlin’s “Filthy Words” monologue, had been broadcast it in the afternoon and that he heard it while driving with his young son. In a declaratory order, Pacifica Foundation, 56 F.C.C. 2d 94, 98, the FCC defined indecent speech as “language that describes, in terms patently offensive as measured by contemporary community standards for the broadcast medium, sexual or excretory activities or organs, at times of the day when there is a reasonable risk that children may be in the audience.” 56 F.C.C. 2d, at 98. The FCC granted the father’s complaint, and held that Pacifica, the broadcaster, “could have been the subject of administrative sanctions.” 56 F.C.C. 2d 94,99.
A Court of Appeals reversed, and the Supreme Court held in FCC v. Pacifica Found., 438 U.S. 726 (1978), that indecent speech could be banned. However, the holding was very narrow.
Indecent speech could be banned because of two reasons, Pacifica, at 748-749, which the Second Circuit describes in its July 2010 ruling as “the twin pillars of pervasiveness and accessibility to children.”(our emphasis).
(1) the “uniquely pervasive presence” of the medium and
(2) the fact that the broadcasted program featuring such language is “uniquely accessible to children.”
The Supreme Court did not specify what level of scrutiny must be applied on broadcast speech.
Section 326 of the Federal Communication Act of 1934 prohibits censorship by the FCC, as it clearly states that the FCC has no power of censorship over radio communications, and that it cannot interfere with the right of free speech by means of radio communication. However, in Pacifica, the Supreme Court held that section 326 does not limit the FCC’s authority to sanction licensees engaging in obscene, indecent, or profane broadcasting. The FCC has the power to deprive a broadcaster of his license if the FCC decides that it would serve the public interest, convenience and necessity.
The FCC from then on interpreted Pacifica as permitting it to sanction indecent speech, whereas the broadcasters interpreted it, because of the narrowness of the holding, as setting limits to the power of the FCC by defining indecent speech only as speech having “shock value.”
Towards an overruling of Pacifica?
The Second Circuit was careful to state that they are bound by Supreme Court precedent, even though the world has changed since Pacifica: “The Supreme Court may decide in due course to overrule Pacifica and subject speech restrictions in the broadcast context to strict scrutiny.”
One of the arguments made by the Second Circuit in its July 2010 opinion is the fact that the media landscape has changed significantly since Pacifica. The Internet did not exist then, with its myriad of sites claiming our attention (the Second Circuit gives as examples Facebook, Twitter and Youtube). Cable television was “still in its infancy.” The Second Circuit, quoting Pacifica, argues that broadcast television no longer has that “uniquely pervasive presence in the lives of all Americans.”
Indeed, the “twin pillars” of Pacifica are shaking down.
First twin pillar broken: pervasiveness
Broadcast television is longer pervasive. It is just one of the many choices offered to us. The Second Circuit notes that 87% of households now subscribe to a cable or a satellite service, and that remote controls allow us to shift swiftly through channels. The Internet claims an important part of our attention as well.
Second twin pillar broken: accessibility to children
The Second Circuit also argued that, “as the FCC itself acknowledges, “[c]hildren today live in a media environment that is dramatically different from the one in which their parents and grandparents grew up decades ago.”” In the Matter of Empowering Parents and Protecting Children in an Evolving Media Landscape, 24 F.C.C. Rcd. 13171, at ¶ 11 (2009), for example, parents now have the power, thanks to the V-chip, to monitor which programs their children are watching on television.
The Second Circuit cited United States v. Playboy Entm't Group, 529 U.S. 803, 815(2000): “…targeted blocking enables the Government to support parental authority without affecting the First Amendment interests of speakers and willing listeners – listeners for whom, if the speech is unpopular or indecent, the privacy of their own homes may be the optimal place of receipt.
The FCC indecency policy is unconstitutional
The Second Circuit held that “the FCC indecency policy is unconstitutional because it is impermissibly vague.” A law or regulation is vague if it does not give a person of ordinary intelligence a reasonable opportunity to know what is prohibited.
The Second Circuit gave examples where the FCC had determined that “bullshit” was patently offensive, whereas “dickhead” was not. True, it is rather difficult to understand why one word would be deemed “vulgar, graphic and explicit,” but not the other one.
The Second Circuit also argued that, since the standards used by the FCC are “indiscernible,” there is a risk that they “will be enforced in a discriminatory manner.” However, the Second Circuit “ha[s] no reason to suspect that the FCC is using its indecency policy as a means of suppressing particular points of view.” The mere risk of subjectivity is a chill to speech protected by the First Amendment.
Tuesday, July 13, 2010
Safe Harbor: Blog Post
Last April, the Düsseldorfer Kreis, an informal group of German data protection authorities, published a decision that could have significant repercussions on U.S. companies importing personal data from organizations operating in the European Union.
Cédric Laurant and I cowrote a blog post about this decision: "The Safe Harbor Framework: not a “safe harbor” anymore for US companies? German expert body insists on stronger compliance stance."
Cédric Laurant and I cowrote a blog post about this decision: "The Safe Harbor Framework: not a “safe harbor” anymore for US companies? German expert body insists on stronger compliance stance."
Friday, July 02, 2010
Online Impersonation
I have started a new blog covering online reputation and the law. Here is my first post on the California Senate Bill 1411 dealing with Online Impersonation
Thursday, June 17, 2010
City of Ontario, California, v. Quon
The SCOTUS ruled unanimously today in City of Ontario v. Quon that a Police Department had the right to search text-messages sent by police officers on government-issued pagers.
The California City of Ontario (the City) had distributed pagers to some of its employees, including some police officers. Under the City’s contract with Arch Wireless, the company providing the text-messaging service to the City, each pager was allotted 25,000 characters per month, after which the City had to pay additional fees. Employees were requested to reimburse the City for overcharges.
Some police officers were given pagers, among them respondent Quon. Mr. Quon and some of his colleagues used more than 25, 000 characters for several months and thus had to pay overcharges, which they did. The Ontario Police Department (OPD) decided in 2002 to audit its text-messaging practices. In order to determine whether messages were work-related, or whether messages were personal, the City asked Arch Wireless to mail them the transcripts of all messages. Some of these messages turned out to be sexually explicit, and most of them were of personal nature. Respondent Quon was disciplined for violating OPD’s rules.
Indeed, the City had a “Computer Usage, Internet and E-Mail policy” that applied to all of its employees. It specified that the City “reserves the right to monitor and log all network activity including e-mail and Internet use, with or without notice. Users should have no expectation of privacy when using these resources. Respondent Quon had signed an acknowledgment of that policy in 2000. Thes policy did not explicitly cover text messages, but, during a 2002 staff meeting, police officers were told that messages sent on the pagers were considered e-mails.
Mr. Quon and some of his colleagues filed a suit against the City, alleging inter alia that, by obtaining a transcript of their text messages, the City had violated their Fourth Amendment rights and the Stored Communications Act (SCA). The District Court granted Arch Wireless‘ motion for summary judgment on the SCA claim, but denied petitioner’s motion for summary judgment on the Fourth Amendment claims, as it determined that Mr. Quon had a reasonable expectation of privacy in his text messages.
The District Court distinguished between two types of audit. First, an audit could be made to find out whether the officer was using his pager for personal reasons. It found that such an audit is not reasonable. Second, an audit can be made to find out whether the existing character limits were inadequate, thus leading to officers having to pay for work-related messages. Such an audit would be reasonable. At trial, the District Court held that petioners had not violated the police officer’s Fourth Amendment rights.
Mr. Quon appealed, and the Ninth Circuit reversed in part. Quon had a reasonable expectation of privacy in his text messages, and the search was not reasonable, as there were “less-intrusive means” by which the OPD could have verified the efficacy of the 25,000 character limit. The Ninth Circuit also concluded that Arch Wireless had violated the SCA by turning over the transcript of the messages to the City. Arch Wireless was an Electronic Communications Service provider (ECS) to the City. The City was a subscriber, not an addressee or intended recipient of the communications, and it thus violated the SCA, 18 § 2702 (a)(1). Unfortunately, the merits of the SCA claim were not before the SCOTUS.
The Ninth Circuit denied a petition for rehearing en banc. The Supreme Court granted certiorari.
Fourth Amendment
The Fourth Amendment states: “The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated . . . .” It applies when the Government acts in its capacity as an employer.
In O’Connor v. Ortega, 480, U.S. 709, 717 (1987), the SCOTUS had held that “[i]ndividuals do not lose Fourth Amendment rights merely because they work for the government instead of a private employer.” O’Connor also set a two-step test to determine whether a government employment should have a reasonable expectation of privacy.
First, the court must determine on a case-by-case basis whether the government office is so open to fellow employees or the public that no expectation of privacy is reasonable. Second, if the employee indeed does have a reasonable expectation of privacy, the court must determine whether or not the employer may intrude on that expectation “for non investigatory, work-related purposes, as well as for investigations of work-related misconduct, should be judged by the standard of reasonableness under all the circumstances.” O’Connor, at 725–726.
Justice Scalia concurred in O’Connor, but would have dispensed with an inquiry into “operational realities” and would conclude “that the offices of government employees . . . are covered by Fourth Amendment protections as a general matter” Id., at 731. Justice Scalia would also have held “that government searches to retrieve work-related materials or to investigate violations of workplace rules—searches of the sort that are regarded as reasonable and normal in the private-employer context—do not violate the Fourth Amendment,” Id., at 732.
So there are two methods, but Justice Kennedy, who delivered today’s opinion, wrote that both methods would lead to the same results in the Quon case.
Did Quon have a reasonable expectation of privacy in his text messages?
Unfortunately, the SCOTUS shied away from answering that question.
The OPPD had a Computer Policy which extended to text messaging. Respondent contended that he had been told that an audit would not be necessary if he would pay for the overage, and thus had a reasonable expectation of privacy in the contents of his messages.
The SCOTUS expressed caution when having to consider “the concept of privacy expectations in communications made on electronic equipment owned by a government employer” as “the judiciary risks error by elaborating too fully on the Fourth Amendment implications of emerging technology before its role in society has become clear” in cases such as Olmstead or Katz. Thus, “prudence counsels caution before the facts in the instant case are used to establish far-reaching premises that define the existence, and extent, of privacy expectations enjoyed by employees when using employer-provided communication devices.”
The message is clear: the SCOTUS does not want Quon to become the reference case setting the threshold for an employee’s expectation of privacy in their messages sent using the numerous communications devices provided to them by their employer. Indeed, the “rapid changes in the dynamics of communications” make it difficult to predict “how employees’ privacy expectations will be shaped by those changes or the degree to which society will be prepared to recognize those expectations as reasonable.“ So “a broad holding concerning employees’ privacy expectations vis-à-vis employer-provided technological equipment might have implications for future cases that cannot be predicted. It is preferable to dispose of this case on narrower grounds.“
Searches without warrant are per se unreasonable under the Fourth Amendment, but there are some exceptions, and the SCOTUs held in O’Connor that “special needs” of the workplace justify one such exception, if the search is “justified at its inception” and if “the measures adopted are reasonably related to the objectives of the search and not excessively intrusive in light of” the circumstances giving rise to the search, 480 U. S., at 725-726. Such was the case in this matter according to the SCOTUS.
The Ninth Circuit had reversed because the search was not reasonable, as there were many simple ways by which the OPD could have verified the efficacy of the 25,000 character limit, without intruding on respondent’s Fourth Amendment rights. The SCOTUS held that this approach was inconsistent with controlling precedents, as the SCOTUS has “repeatedly refused to declare that only the ‘least intrusive’ search practicable can be reasonable under the Fourth Amendment.” Vernonia School District , 515 U.S. 646, 663.
Since the search was motivated by a legitimate work-related purpose, and because it was not excessive in scope, it was reasonable under the O’Connor approach. The SCOTUS reverses the judgment of the Ninth Circuit.
Subscribe to:
Posts (Atom)
