No on 1; Yes on Disclosure

There is a time and place for everything – even privacy.

Cloaked behind a veil of secrecy, the National Organization for Marriage (NOM), a NJ-based anti-LGBT hate group, has been leading the fight in Maine to repeal that states same-sex marriage law.

This past week, according to the Portland Press Herald, a federal judge “ruled that Maine's reporting requirements for ballot question campaigns do not violate the First Amendment of the U.S. Constitution” and that NOM must disclose its donor list.

"Maine is entitled to conclude that its electorate needs to know, on an ongoing basis, the source of financial support for those who are taking positions on a ballot initiative," wrote Judge D. Brock Hornby in his ruling.

While this issue doesn’t stem from the digital domain, any issue of privacy has online implications. Last year, a California court ruled “Yes on 8” donors must be made public, and that information was quickly used by gay marriage supporters, mapping contributors and boycotting businesses.

Maine’s citizens will vote on the law this Tuesday on Ballot Question 1. Voting no preserves the state's gay marriage laws. If you are in Maine, please vote NO.

Paparazzi take a blow from the Terminator

In a land where the online and offline worlds collide – and the lines between public, private, reality and fantasy have been blurred into oblivion – there has been an important step forward to protecting privacy both online and off.

Last week, California Governor Arnold Schwarzenegger signed into law a groundbreaking anti-paparazzi law that allows civil suits to be filed against media outlets who publish photos that were illegally taken.

According to the AP: The amendment permits lawsuits against media outlets that pay for and make first use of material they knew was improperly obtained.

Celebrity-focused magazines, TV shows and websites like US Weekly, TMZ and PerezHilton often pay millions of dollars for exclusive photos.

Until now, photographers have been restricted (with questionable success) on what was fair game and how they could get their shot. But this is the first time that media outlets have been targeted by legislation.

According to MTV, Schwarzenegger signed a bill in 2005 that tripled the damages celebrities could seek from overly aggressive paparazzi.

But I question how effective this will be. The law, which takes effect in January 2010 will fine violator publications up to $50,000 – which may just be seen as the cost of doing business. When you’re already paying $5,000,000 million for a single image, what’s another 0.01%?

According to the AP (me), it’s a blow to the paparazzi/entertainment industry – but not one that will leave a mark for very long.

NYT: Medical Records No Safer than Movie Rental Info

What do Netflix and your health insurer have in common? More than you might think, according to an article in yesterday’s New York Times.

For starters, both collect personal data about, like your name, address, phone number, credit information, payment history, purchase behavior and preferences.

And both strip personally identifiable information from these records, which are then sold to researchers and marketers to ultimately better understand and target you as a consumer.

While that may be a little creepy, it’s nothing out of the ordinary and totally legal. But, according to researchers at the University of Texas at Austin, it is possible to re-identify individuals associated with the data based on otherwise innocuous information we all leave around the web – like chat logs, Twitter feeds, online comments and blogs.

Similar to a scam artist rummaging through your trash for bank statements you thought you destroyed, researchers say that your online footprint can aid in re-identifying information that is otherwise scrambled and scrubbed.

And while it might just be a little embarrassing for your Netflix history to get out (What do you mean you rented Another Gay Movie?), health records carry heavier implications and could cause irreparable “social, professional and financial harm,” according to the Times.

The scary thing is that there’s really nothing protecting the consumer at this point. If companies scramble and de-personalize your data, they’re in the clear to use it however they want. And it’s big business.

According to George Hill, an analyst at Leerink Swann, a health care investment bank, the clinical information market represents $8-10 billion in sales annually.

Yet while there are no safeguards to prevent reverse-identification of consumer data, the risk is evident.

According to the times: In 1997, for example, a researcher identified the medical records of William Weld, then the governor of Massachusetts, by correlating birthdays, ZIP codes and gender in voter registration rolls and information published by the state’s government insurance commission.

In the Times article, Dr. Deborah Peel, director of a Texas-based watchdog group, likened consumer risk to the Paris Hilton Sex Tape: “Once personal health data gets out there … it is going to be out there forever.”

A Just Death: Act To Prevent Predatory Marketing Practices against Minors

Claiming that it violated the First Amendment, companies like Yahoo!, AOL, eBay (disclosure: client), and News Corp. as well as the Association of National Advertisers, the Motion Picture Association of America and the civil liberties advocacy group Center for Democracy & Technology, yesterday convinced the Maine legislature to repeal an act designed to protect minors from aggressive data collection.

What sounded like a great idea to protect children was doomed from the start though. According to the Wall Street Journal, Maine’s attorney general decided not to enforce the law even before it was scheduled to go into effect, with the understanding that minors under 13 were already protected by the Children’s Online Privacy Protection Act.

While applauding the law’s intent, the committee determined that the “Act To Prevent Predatory Marketing Practices against Minors” was too broad and limiting – and could affect whether major companies do business in the state.

According to MediaPost, the law “prohibits companies from knowingly collecting personal information or health-related information from minors under 18 without their parents' consent.”

In theory that’s great, but there are some major pitfalls.

According to the WSJ:

In the complaint, the Maine Independent Colleges Association, for example, protested that the law would prevent Maine colleges from sending marketing materials to minors who requested information without first obtaining parental consent.

And according to MediaPost:

[Opponents] argued that the law could result in companies like Something Fishy -- which offers an online forum where teens discuss eating disorders. Something Fishy appears to violate the Maine law because it allows minors under 18 to register and participate without parental permission.

According to the AP (me), Maine’s lawmakers got it right on this one. But again, this showcases how society needs to keep an open mind to all sides as we move ahead in the digital future.

Photo via MediaPost

PMs call for Increased Internet Privacy

Last week, I posted about a recent move by Rep. Rick Boucher (D-VA) to introduce legislation that would provide Americans with greater online privacy protections.

In a similar move, according to ComputerWeekly, Britain’s Prime Ministers called yesterday for a “Green Paper” to offer their citizens enhanced privacy protection both on and offline.

Across borders, governments are recognizing that privacy protection is a real and growing issue, as the global society moves increasingly online. Cloud computing as well as advertising vehicles like Facebook’s Beacon and Google Wave are just a few examples of how we are handing over our personal information – knowingly and unknowingly – to advertisers.

In yesterday’s Green Paper request, the MPs went a step further to say that the ISP – internet service providers – should bear more of the responsibility for safeguarding their users privacy and online security.

Like Rep. Boucher’s vision, PMs said that consumers should explicitly opt in to targeted online advertising.

MP Derek Wyatt, chairman of the All Party Parliamentary Communications group (apComms), predicted that Internet privacy would become a “very big” issue over the next five years, especially if nothing is done now.

Not really groundbreaking insight from the MP, but it does subtly highlight that right now there is a lot of talk without much action.

Google Execs Face Jail in Italy

Apparently, Google isn’t watching you as closely as some people would like.

Two senior executives from the search giant could face up to three years in prison if they’re convicted for violating Italian privacy laws.

According to the BBC, the charges stem from a 2006 YouTube posting that shows an Italian primary school student with Downs Syndrome being bullied by four classmates with at least a dozen others looking on.

The video was posted just before Google acquired the video-hosting site, but Italian officials argue that there were inadequate content filters in place to remove the post and that the video itself violates Italian law since it was uploaded without the consent of everyone involved.

Google, of course, maintains that it has broken no laws. The video was up for several months, but Google says it was removed after they received complaints. They also maintain that no laws were broken, as the video was hosted in the U.S., where privacy laws are much more relaxed.

Some people are looking at this as an opportunity to take a (potentially, but not yet) high-profile anti-American or anti-Google stance. Whether or not that's the case this underscores at least one thing: We are living in a global society where technology is outpacing the law and we need to coordinate and cooperate across boarders with a modicum of reasonability (hello Italian courts) and responsibility (looking at you, Google).

A decision is expected in December.

Beacon of Hope

So maybe Sean Lane got what he deserved having purchased his wife’s engagement ring on Overstock.com, but what was intended as a pure act of love became the hallmark example in what ultimately unraveled what Facebook saw as a viable advertising system.

Lane, who’s internet privacy is now shot because of this incident, purchased a diamond ring for Shannon, his bride-to-be, on the high-volume discount website (classy). But without his knowledge or permission his purchase was published on his Facebook news feed through Beacon, one of FB’s advertising products.

The resulting class action court filing, Lane et al vs. Facebook, Inc, describes how it works (via CNET):

"[Whether or not] the user was not a member (of Facebook), Facebook still obtained the notification from the Facebook Beacon Activated Affiliate. Information regarding user activities was sent in real time to a third party Web site--one which was not open or active in the user's browser, and one which, in many cases, the user may never even have visited or heard of."

Got that? So basically, Facebook’s Beacon gathered personal data without users’ permission, or even their membership in Facebook, to sell to their advertising clients. And Overstock isn’t the only one, just the main whipping boy. A similar class action suit against Blockbuster Video is being heard in Texas, and a full list of Beacon clients can be found here.

In 2008 Facebook CEO had this to say about Beacon (via LA Times), "[Beacon] might take some work for us to get this exactly right, [but] is something we think is going to be a really good thing." Nevertheless, Lane et al vs. Facebook was settled last week, and not only will Beacon go dark, but Facebook will donate nearly $10 million to establish a foundation to address online privacy and safety concerns.

So chalk one up for the little guy and the privacy advocates. But what does this mean for the marketers? Will cases like this push them toward greater transparency, or further under the radar of everyday consumers? Only time will tell, but for now, privacy advocates see this as a beacon of hope.

Google v. Skank

While it’s easy to hide behind your keyboard in a veil of anonymity, the expectation of privacy may be a thing of the past.

Last month, Google faced a subpoena to reveal the identity of an anonymous user of its Blogger service (i.e., the one I’m using now) posting to the blog “Skanks in NYC,” which has since been removed. The blogger, now identified as Rosemary Port, had called model Liskula Cohen a “skank” among other choice names.

Cohen decided she wanted to sue for defamation, and pushed the New York courts to issue subpoena, forcing Google to unmask their otherwise anonymous user. Unlike the California courts, which said that “skank” is a “derogatory slang term of recent vintage [and] has no generally recognized meaning,” the New York courts determined that “skank” is a specifically defined word and that the case could move ahead.

Yet, as soon as Google revealed Port’s identity, Cohen dropped the charges. Now Port is planning to sue Google for $15 million.

And as much as I like working the word “skank” into an academically focused blog, there are some real and significant implications here. According to Matt Zimmerman of the Electronic Frontier Foundation, “If average users on the Internet think that they can use the court system to just figure out who is being mean to them, I think you really open the door for abusing the court system.”

We’re still very much in Wild West phase with the web, adjusting norms, expectations and regulation as it evolves. The courts need to quickly catch up to adequately protect the First Amendment and our rights as private citizens, while understanding the threshold for should and can be legitimately enforced.

(Photo of Liskula Cohen, accused skank, via New York Daily News)