Slashdot Mirror

schwit1 quotes a report from Bloomberg: A judge scolded Facebook for misconstruing his own rulings as he ordered the company to face a high-stakes trial accusing it of violating user privacy. The social media giant has misinterpreted prior court orders by continuing to assert the "faulty proposition" that users can't win their lawsuit under an Illinois biometric privacy law without proving an "actual injury," U.S. District Judge James Donato said in a ruling Monday. Likewise, the company's argument that it's immune from having to pay a minimum of $1,000, and as much as $5,000, for each violation of the law is "not a sound proposition," he said. Under the Illinois Biometric Information Privacy Act, the damages in play at a jury trial set for July 9 in San Francisco could easily reach into the billions of dollars for the millions of users whose photos were allegedly scanned without consent. Apart from his concerns about the "troubling theme" in Facebook's legal arguments, Donato ruled a trial must go forward because there are multiple factual issues in dispute, including a sharp disagreement over how the company's photo-tagging software processes human faces.

Kagato quotes a report from St. Paul Pioneer Press: In a surprise move, the Minnesota Senate on Wednesday voted to bar internet service providers from selling their users' personal data without express written consent. The move was a reaction to a Tuesday vote in Congress to lift a ban on that practice imposed in 2016 by the Federal Communication Commission. Sen. Ron Latz, DFL-St. Louis Park, offered the amendment onto the Senate's economic development budget bill, saying it was urgently needed to protect Minnesotans' privacy after the congressional vote. Latz's amendment was challenged under Senate rules on the grounds that it would impose a cost on a state agency and thus needed to go through committee rather than be added on the floor. Republican Sen. Warren Limmer, of Maple Grove, broke with his party to overturn the Senate president's ruling and allow the internet privacy amendment to continue by a single vote. Once the amendment cleared this procedural hurdle, it was overwhelmingly added to the bill on a 66-1 vote. The lone critic, Sen. David Osmek, R-Mound, said Latz's amendment needed more study and review before being adopted. The Register reports that Illinois has also fought back against Tuesday's vote by approving two new privacy measures. "On Thursday, the state's Cybersecurity, Data Analytics and IT Committee approved two new privacy measures," reports The Register. "One would allow state residents to demand what data companies such as Comcast, Verizon, Google and Facebook is sharing about them. The other would require consent before an app can track users' locations."

Kagato quotes a report from St. Paul Pioneer Press: In a surprise move, the Minnesota Senate on Wednesday voted to bar internet service providers from selling their users' personal data without express written consent. The move was a reaction to a Tuesday vote in Congress to lift a ban on that practice imposed in 2016 by the Federal Communication Commission. Sen. Ron Latz, DFL-St. Louis Park, offered the amendment onto the Senate's economic development budget bill, saying it was urgently needed to protect Minnesotans' privacy after the congressional vote. Latz's amendment was challenged under Senate rules on the grounds that it would impose a cost on a state agency and thus needed to go through committee rather than be added on the floor. Republican Sen. Warren Limmer, of Maple Grove, broke with his party to overturn the Senate president's ruling and allow the internet privacy amendment to continue by a single vote. Once the amendment cleared this procedural hurdle, it was overwhelmingly added to the bill on a 66-1 vote. The lone critic, Sen. David Osmek, R-Mound, said Latz's amendment needed more study and review before being adopted. The Register reports that Illinois has also fought back against Tuesday's vote by approving two new privacy measures. "On Thursday, the state's Cybersecurity, Data Analytics and IT Committee approved two new privacy measures," reports The Register. "One would allow state residents to demand what data companies such as Comcast, Verizon, Google and Facebook is sharing about them. The other would require consent before an app can track users' locations."

An anonymous reader quotes a report from Motherboard: Apple is planning to fight proposed electronics "Right to Repair" legislation being considered by the Nebraska state legislature, according to a source within the legislature who is familiar with the bill's path through the statehouse. The legislation would require Apple and other electronics manufacturers to sell repair parts to consumers and independent repair shops, and would require manufacturers to make diagnostic and service manuals available to the public. Nebraska is one of eight states that are considering right to repair bills; last month, Nebraska, Minnesota, New York, Massachusetts, Kansas, and Wyoming introduced legislation. Last week, lawmakers in Illinois and Tennessee officially introduced similar bills. According to the source, an Apple representative, staffer, or lobbyist will testify against the bill at a hearing in Lincoln on March 9. ATT will also argue against the bill, the source said. The source told me that at least one of the companies plans to say that consumers who repair their own phones could cause lithium batteries to catch fire. So far, Nebraska is the only state to schedule a hearing for its legislation.

An anonymous reader writes: As face recognition software becomes more capable, companies and governments are coming up with new ways to use it. Microsoft has already patented a Minority Report-style personalized billboard, and loss prevention departments in big stores are rolling out systems to "pre-identify" shoplifters. But this rush to implement the technology runs afoul of privacy laws in at least two U.S. states: Illinois and Texas forbid the use of face recognition software without "informed consent" from the target. Facebook is the target of a recent lawsuit in Illinois over this exact issue; it's likely to test the strength of such a law. "Facebook and Google use facial recognition to detect when a user appears in a photograph and to suggest that he or she be tagged. Facebook calls this "Tag Suggestions" ... With the boom in personalized advertising technology, a facial recognition database of its users is likely very, very valuable to Facebook. ... Eager to extract that value, Facebook signed users up by default when it introduced Tag Suggestions in 2011. This meant that Facebook calculated faceprints for every user who didn't take the steps to opt out." If Facebook loses and citizens start pushing for similar laws in other states, it could keep our activities in public relatively anonymous for a bit longer.

derekmead writes: School districts in Illinois are telling parents that a new law may require school officials to demand the social media passwords of students if they are suspected in cyberbullying cases or are otherwise suspected of breaking school rules. The law (PDF), which went into effect on January 1, defines cyberbullying and makes harassment on Facebook, Twitter, or via other digital means a violation of the state's school code, even if the bullying happens outside of school hours. A letter sent out to parents in the Triad Community Unit School District #2, a district located just over the Missouri-Illinois line near St. Louis, that was obtained by Motherboard says that school officials can demand students give them their passwords.

Frequent Slashdot contributor Bennett Haselton writes with his take on a recent court decision about the rights of online commenters. "Although a court has ruled that the police can subpoena the identities of users who posted comments in a newspaper's blog, I think this is not as big of a threat to journalistic integrity as it might seem. And in any case when the judge ruled against the privacy rights of 'bloggers,' he didn't actually mean 'bloggers." Read on for the rest of Bennett's thoughts.

After writing that a Virginia court made an error in saying that spoofing an IP address in e-mail headers was analogous to using a "pseudonym," and that an Ontario court was wrong in saying that an IP address could be subpoenaed by a court because it was no more secret than personal information like a "home address," I think that the latest court ruling against online anonymity — an Illinois judge ordering a newspaper to reveal the identities of people who posted comments on its blog — is not as big of a threat to online privacy, and is not apparently based on any misconceptions about how the Internet works. However, the ruling has the potential to frighten bloggers more than necessary (as well as possibly set a bad precedent for future courts if they don't read the decision closely enough) because the ruling uses the word "bloggers" repeatedly to refer to what everyone else calls "blog commenters."

Police had asked the Alton Telegraph to reveal the identities of five people who had posted comments in the newspaper's blog which indicated they might have knowledge relevant to an ongoing murder investigation. The newspaper sued to avoid being forced to hand over the commenters' identities, saying that they were "news sources" protected under Illinois's newspaper shield law. Judge Richard Tognarelli ruled that blog commenters did not count as "sources" under the shield law, and allowed the police to go forward in obtaining the identity of two of the commenters, but denied the request to unmask three others, on the grounds that those commenters did not appear to have information relevant to the case.

To consider the relevant questions separately:

Is this legally correct?

Every time I raise a question like this, it provokes the ire of law students and lawyers who say that judges are the real experts on what is legally correct, and it's not appropriate for lay people to comment. As I never tire of saying, if judges are really "experts" in a sense that lay people are not, then it should be possible to put 10 judges in separate rooms, present them with the same facts of the same case, and have most of them independently come to the same conclusion about the correct answer, with a higher degree of accuracy than lay people would be able to reach the same conclusion. If this is not the case, then the judges are not playing the role of "experts" so much as "designated decision-makers," and it's perfectly fair for lay people to analyze whether the judges' reasoning appears correct.

In this case, the judge simply said that blog commenters are not news "sources" in the sense described by the law. The text of the shield law (735 ILCS 5/8-901) defines a "source" as "the person or means from or through which the news or information was obtained." Now, if you were to parse this super-literally, then the blog commenters could be considered "sources" because they are posting "information" which can be "obtained" by the reporters who later go back and read through the blog comments. But if you were to be that literal about it, then anybody who publishes "information" anywhere at all, including someone who posts a timetable of train departure times on their Web page, could be considered a "source" for information used by a reporter. Clearly the legislature did not intend for the term "source" to include all people who publish information anywhere under the sun (just because that information is technically available to reporters just like it's available to everyone else), or they would have said so. So it seems reasonable to assume that when the law refers to sources from whom reporters "obtain information," it refers to the way in which reporters normally obtain information in their role as reporters obtaining information from sources — that is, the source privately communicating with a reporter with some expectation of anonymity, hoping the reporter can use the information provided for research on a future story. Blog commenters do not fit that definition since (a) they are posting publicly, and (b) they are responding to a story that has already been written.

The judge also noted that the shield law is not absolute, and even for individuals who are considered "sources" under the law, their interest in maintaining anonymity has to be weighed against the importance of the information being sought. Judge Tognarelli wrote, "The Telegraph has an interest in protecting its online blogger's identities while the State has an interest in prosecuting someone who has allegedly murdered a child." That sounded to me like sarcasm on first reading, but actually I think he's just being logically rigorous.

So in this case, I think that you really could probably put 10 different judges in separate rooms and present them with the same facts and arguments, and have most of them (although probably not an overwhelming majority) come to the same conclusion. On the other hand, I would bet that you could ask 10 reasonably smart lay people to analyze the case, and about the same proportion of them would come to the same conclusion as well.

Is this logically correct?

By that I mean, could the arguments made in this ruling be extended to a conclusion that is clearly absurd?

Sometimes a ruling can be apparently in line with the law, but would have implications that would be absurd if carried only one step further. For example, in one of my spam cases in Small Claims court where I brought a case on behalf of Peacefire as a Washington corporation that I owned, a judge ruled that I couldn't represent Peacefire because the corporation was a separate legal entity. This would seem to be in line with the legal principle that only lawyers who are licensed to practice law are allowed to represent entities other than themselves; non-lawyers can only represent themselves. But carried one step further, the same principle leads to a conclusion that makes no sense: If corporations cannot be represented in Small Claims court by their owners, then since lawyers are not allowed in Small Claims court either, the logical conclusion would be that corporations cannot be represented by anybody in Small Claims court. By that logic, I (as an individual) could sue a corporation for any reason, and since nobody would be allowed to defend the case, I would have to win by default! Since that conclusion is obviously absurd, at least one of those two rules (the rule against lawyers in Small Claims, or the rule against people in Small Claims representing entities other than themselves) would have to be relaxed, and in the interests of keeping costs down, it makes more sense to let individuals represent corporations that they own. This is probably why every other judge so far has made the opposite ruling, that I am allowed to represent a corporation in Small Claims court if I'm the owner.

Does Judge Tognarelli's ruling lead to any absurd conclusions? I don't think so. In fact, the opposite conclusion could have led to an absurd result, if the judge had ruled that commenters posting on the newspaper's blog could seek protection as "news sources." If blog commenters were protected for comments they posted on the newspaper's blog, why shouldn't they be protected for comments they post on their own Web site somewhere else, since the two situations are logically equivalent? In both cases, you're speaking to the entire world, not providing information privately to a reporter. By extension, anybody who says anything, anywhere, at any time, would be protected as a "news source" if a reporter could later find a record of what that person said. While there are possibly merits to that idea — that all anonymous speakers should be protected from being unmasked — it's clearly not what the legislature meant, since they were legislating protection for "sources," not "everybody."

When the judge said "bloggers," did he mean "bloggers"?

No. This is the biggest flaw in what otherwise appears to be a logically and technically literate ruling: The court repeatedly used "bloggers" to refer to blog commenters:

"The subpoena seeks identifying information for bloggers who voluntarily left comments on the website..."

"Here, it is clear that the 'reporter' did not use any information from the bloggers..."

"The Telegraph has an interest in protecting its online blogger's identities..."

That's fine as long as everybody understands what the judge really meant. However, if an actual blogger — one who publishes quasi-news articles on a blog and could be considered a reporter in the traditional sense — ever has to use the court system to protect their identity from being unmasked, there is a danger that a court could cite the current case as precedent and say that "bloggers don't count as news sources." I would hope that a future court would read the current decision carefully enough to realize that it refers to blog commenters and not actual bloggers, but there's no guarantee.

Is this bad for civil liberties?

It depends. I think that all the court really said was that while bona fide news sources are protected under the shield law, the shield law does not apply to all people who post public information that might potentially be used for a news story someday. That was already the de facto legal situation that most of us were in — if you post something in a public forum that makes the police think you have information that could be relevant to the prosecution of a crime, they can probably get a court to unmask your identity with a subpoena.

It may be tempting to think that courts should interpret the shield law more broadly, but be careful what you wish for — if the shield law got diluted to the point where it applied to everybody, then that increases the chances that courts would carve out more exceptions to it or the legislature would rescind it, since neither the courts nor the legislature generally think that everybody deserves legally guaranteed anonymity all of the time.

If you do think that everybody — or, at least, you — deserves guaranteed anonymity for online postings, you can use tools like Tor to make your identity completely untraceable. I would guess that none of the blog commenters in this case went to that trouble.

In fact, one of the two commenters whose identity was ordered unmasked by the court, used the handle "mrssully." What if that turns out to be a woman whose last name is Sully, and who could have been trivially identified if the police had called the murder defendants' friends and acquaintances and asked, "Hey, who do you think 'Mrs. Sully' is?" The court ruling said that "the Sheriff's Office contacted 117 different individuals regarding the incident" and that "it would be a very expensive and a 'monumental task' to re-interview all of those witnesses." To re-interview all of them, yes. But it would not be a monumental task to have a junior member of the police force call up each of the 117 phone numbers for the witnesses and leave a message saying, "Hey, do you know a 'Mrs. Sully' who is connected to the defendant?" If someone calls back and says Yes, then maybe you've found who you're looking for; if not, then you've only wasted about two hours trying (at sixty seconds per phone number), so go ahead with the subpoena. If it turns out that "Mrs. Sully" is someone who could have been found in this way, then as a taxpayer and as someone who supports law enforcement at least insofar as they're conducting murder investigations, I might reasonably ask why the police didn't do that first.

AlexDV writes "Library blogger Michael Stephens is reporting that an Illinois state senator, Matt Murphy (R-27, Palatine), has filed a bill that 'Creates the Social Networking Web site Prohibition Act. Provides that each public library must prohibit access to social networking Web sites on all computers made available to the public in the library. Provides that each public school must prohibit access to social networking Web sites on all computers made available to students in the school.' Here is the bill's full text." This local effort harks back to an attempt last May to get federal legislation banning school and library use of social networking sites (Wikipedia summary here). The DOPA bill passed the House but died in the Senate.