February 19, 2015

No Comments

New Radar Technology Used by Law Enforcement Presents Privacy Concerns

House

 

Written By: Jerry Chapin

 

The last thing one should expect when sitting at home with their doors locked and shades drawn is for the United States government to be watching their every move. It’s safe to say that most of us have accepted the fact that advances in satellite technology and high tech video surveillance have given the government the ability to monitor public areas, and in doing so take away from our personal expectation of privacy in those areas. However, our home has always been considered our castle, a place that has always required a warrant for the government to invade, thus giving us an increased sense of security and privacy therein. Nowadays, this sense of security seems to be a somewhat false one.

 

Our privacy is being threatened by a new technology called Range-R—a high tech radar system that allows law enforcement, through the use of thermal imaging, to peer through walls in order to see how many people are in a home. The Feds began using this technology in 2012 and have spent at least $180,000 purchasing radar devices to date, according to mainstream news reports. Like most invasive measures taken by the government, they failed to notify the public or the courts of their plan to implement its use.  Radar-R only became known to the public after the 10th Circuit Court of Appeals upheld its use after being used by law enforcement before entering a house, without a warrant, to arrest a man accused of violating his parole.

 

The device is small, hand held, and although it does not display clear images to its operator, it detects even the slightest movement within fifty feet. Radar-R gives law enforcement an incredibly accurate picture of how many people are in a home, where they are in that home, and what movements they are making inside.

 

Because the Fourth Amendment requires a showing of probable cause before the issuance of a warrant allowing physical entry—or other invasive entry such as wire-tapping—into private homes, it comes as no surprise that law enforcement has been keeping their new toy a secret. However, now that Range–R’s use is public knowledge, a judicial ruling requiring a warrant for its use is arguably highly foreseeable. This is especially true given the Supreme Courts ruling in Kyllo v. United States in 2001, where the use of thermal imaging was held to constitute a search, and therefore require a warrant. However, as of now the use of this invasive technology is entirely legal without a warrant.

 

Under the constitution, privacy in citizen’s homes has historically been of paramount importance. With a slew of Fourth Amendment concerns presented by the warrantless use of Radar–R, this new technology’s fate will likely be determined in court soon enough. However, the real concern is that the government seems fine with acting secretly and without Constitutional permission or legislative support. It seems that our government would rather shoot first and ask for permission later, a troublesome modus operandi when our privacy rights are on the line.  This being said, it seems as though the government’s blatant disregard for Fourth Amendment protections may slip “under the radar” yet again.

November 30, 2014

No Comments

Please Don’t Tag Me! Instagram for Doctors: #SpecificSymptoms, #RareDisease, #PatientConfidentiality, #PatientPrivacyRightsViolated

POSTED BY Cherie M. Ching

 

New informational sharing apps allow medical professionals to post photos and share comments regarding their patient’s medical conditions, similar to the components of the Instagram app.  Although these apps may provide a higher degree of efficient and effective services to medical patients, issues of breach of privacy rights and fiduciary duties arise.

 

Doctor’s appointment.  Not your favorite part of your day, particularly because it is usually scheduled due to health failure or after you have discovered something abnormal, and it always consumes an unnecessary part of your valuable day.  However, in reality, your doctor’s appointment should be considered THE valuable part of your day for the fact that you entrust your doctor with personal information and truthful information.  Private information, such as medical history and medical conditions, is probably unknown to most of the people in your life. You place a certain level of trust and confidence in your doctor, creating an important and non-waiveable fiduciary duty to provide you with the utmost respect and act in your best interest.

 

Medical records play two essential roles in the practice of medicine: First, they assist with patient health and wellness by better recording keeping and sharing, thereby provide quality treatment. Second, they help improve scientific research and development, and contribute to the advancement of medical sciences. These records consist of a broad range of information about the patient’s demographic, medical history, symptoms, and diagnosis.  Historically, doctors recorded and stored patient information in physical forms of x-rays, photos, diagnosis, and prescriptions. This time consuming process of transferring and delivering hard copies of medical information is being replaced by electronic sharing of digital graphs, image, and patient records.  This process allows collaboration in real-time and for a quicker response to concerns and updates regarding a patient’s situation. Patient’s medical records are essential in providing timely and accurate treatment.

 

Thousands of healthcare providers use apps as a database to upload, share, and review images.  These apps do not collect the medical information of the individual patient, but rather provide the means for a broad educational exchange between healthcare providers and medical students.  Patient consent is not a prerequisite for posting the photo, however, it is encouraged that pre-existing patient consent forms are provided.  As discussed in a recent BBC news article, Figure 1 has become a popular database for healthcare professionals to share photos by obscuring the identifying marks on the patient’s body.  Identifying the patient is not the intent of the program, but posting photos can inadvertently cause identification of a patient when a rare disorder or disease identified and a specific number of cases in the area are known.  In addition, if a specific doctor posts a photo, the identity of the patient may be easily determined.  The apps capacities are similar to the free social networking platform, Instagram, which allows users to take pictures and share them in real-time with other followers, tag followers and subjects, identify location of the photo, “like” the photo, and make comments.  Figure 1, like Instagram, allows users to chose their audience, which could be your private followers or public to anyone in the Figure 1 community.  If a doctor is not careful of appropriately masking the patient’s identity, he/she is at risks privacy violations.

 

Posting photos of a Sunday picnic or a day at the beach on Instagram is far different from posting a photo of a patient’s skin rashes.  Regardless of how the information is obtained, stored, or shared, privacy protection still applies and the Fourth Amendment protects each individual from privacy violations.  The Health Insurance Portability and Accountability Act of 1996 (HIPAA) sets national standards for the security and protection of electronic patient health information.  Through HIPAA the privacy of individually identifiable health information is protected and notification is required if a breach of unsecured health information has occurs.  Even with patient consent, healthcare providers still risk breaching HIPAA standards if the patient does not understand the purpose for which his/her information is used. The Patient Safety and Quality Improvement Act of 2005 (PSQIA) similarly promotes protection of personally identifiable health information by establishing a voluntary reporting system aimed to enhance the data available to assess and resolve patient safety and health care quality issues.

 

With a broader range of searchable information, practitioners are able to expand their research grounds. Although not free from privacy concerns, health record sharing confirms the recipient, the location, and purpose of the shared information. Healthcare providers who use apps such as Figure 1, UpToDate, or DynaMed experience shortened hospital stays, fewer deaths, better quality performance, and rapid feedback for clinical questions. However, doctors reaping the benefits of such invocation should remember not to sacrifice their patient’s privacy.

 

Cherie is a 2L Staff Member of the Journal of High Technology Law at Suffolk Law.  She enjoys dancing, aerobics, and running.  Her fitness goal is to complete a half-marathon in every state.  

November 24, 2014

No Comments

Justice Department Mimics NSA Search Techniques

POSTED BY Christopher Mills

On June 5, 2013, The Guardian reported that the US government, specifically the NSA, had been listening into the phone calls, reading the text messages and even reading emails of U.S. citizens. This revelation changed how many Americans perceived their right to privacy from the government in relation to the use of technology. It appears as though that expectation of privacy is again being challenged, but this time, by the Justice Department.

The Wall Street Journal released an article on November 13, 2014, describing a program called the U.S. Marshals Service program that has been in use by the Justice Department since 2007. This program equips small planes with devices called “dirtboxes,” which mimic cell phone towers. Cell phones are designed to connect to the strongest cell tower signal in their surrounding location. When the plane is flying near a cell phone with this device on, the cell phone is tricked into believing the dirtbox is actually a cell phone tower. Once this happens, the cell phone sends its information to the dirtbox as it would with any normal cell phone tower. Cell phones with encryption software are no safer than regular phones as they don’t protect against this type of intrusion. Even cell phones that are not in use are not protected from identification through this system.

U.S. Marshalls use this software to locate criminals by flying around areas where they believe suspects being investigating are located. The dirtbox equipped plane then scans all of the cell phones in that area, lifting all their data into the dirtbox. In busy metropolitan areas, this could mean hundreds of thousands of cell phone searches per flight. Once the dirtbox finds the cell phone it is looking for, it “lets go” all the non-suspect cell phone information. The plane then moves onto another area and tests the signal strength of the suspects cell phone to attempt to pin an exact location on that individual. This system has been effective to place suspects within three meters of where they are standing.

These types of devices are not new to law enforcement. Similar devices called “Stringrays” have been in use by the government for years. Stingray devices have a much smaller range of use and typically are attached to cars driven by U.S. Marshalls tracking a suspect. While Stingrays may be able to search a few hundred phones within its immediate proximity, dirtboxes are able to search thousands.

At this time, we have more questions about this process than answers. It is known that the U.S. Marshalls using this program have been getting court orders to search for the suspect’s phones, but it is unclear exactly how much information about the process they disclosed to the judges. It is also unclear what procedures are in place to ensure that no information is stored from the innocent American cell phones that were picked up by the dirtboxes.

As with any privacy issue, we must balance the intrusion into innocent Americans expectation of privacy versus the need for the police to quickly and effectively locate criminals to keep the public safe. So long as these dirtboxes are immediately dropping all non-suspect cell phone data without storing any information for potential future use, the intrusion on innocent citizen privacy is minimal. This added intrusion must be balanced against the need to find each particular suspect and a determination should be made if there is a less intrusive, reasonable method of locating the suspect. Where there is no reasonable alternative, and extrinsic circumstances make it so the suspect must be located quickly, this method could be reasonable. This will all be contingent on the government quickly and completely disposing of all non-suspect cell phone information gathered without any substantial or unnecessary intrusion into said information.

 

Bio: Christopher Mills is a staff member of the Journal of High Technology Law and a 3L at Suffolk University Law School.

September 30, 2014

No Comments

Waste Heat Energy; Should Companies be Required to Capture it?

POSTED BY Cherie Ching

The heat and perspiration that one naturally produces while going out for a morning jog are the effects of a ‘machine’ producing energy to run, cool down, and release a type of ‘waste heat’ left over.  On a larger scale, data centers and manufactures also generate energy to run and cool down, releasing a greater amount of ‘waste heat.’  One difference, however, is that the waste heat created by these manufactures and data centers has the potential to be utilized into renewed energy, therefore, preventing the need for another source of energy.

Manufactures and data centers create heat waste, a byproduct of the energy produced, which can be processed into emission-free power and clean energy.  Amazon is planning to implement this process in their new Seattle office buildings by transferring heat from data centers in the same block.  Their plans will not only allow the waste heat to be rerouted for other energy sources, but also prevent dangerous emissions during the process.  Our dependence on technology rapidly increases and we as individuals also contribute to daily low-grade waste heat energy.  This waste heat is emitted into and remains in the immediate atmosphere, causing the same type of effect that greenhouse gases cause.

The Secretary and Administrator of the Environmental Protection Agency and Department of Energy have been working together since December 20, 2007 to implement a voluntary national information program called Energy Efficiency for Data Center Buildings for companies interested in significant energy saving.  42 U.S.C.A. § 17112 (2007).  Similarly, the Waste Energy Incentive Grant Program was initiated for energy efficiency and successful electricity production or incremental useful thermal energy from waste energy recovery.  42 U.S.C.A. § 6343 (2007).  It is uncertain if these incentives have produced enough results to show that more companies are participating in waste heat technology and energy efficiency.

Both programs are comparable to Seattle’s credit for hydronic heat system and encourage a more efficient use of waste heat.  However, by requiring companies to capture and process their waste heat into renewable clean energy, federal and state governments may infringe companies’ Fourth Amendment rights.  Fourth Amendment rights issues may include the right to choose how the company manages their energy sources, who they do business with, and what costs to incur in order to capture the waste heat.  In addition, property rights issues may arise with the technicalities of how the waste heat is transferred, such as with underground water pipes for Seattle’s hydronic heat systems.  The process to reuse the waste heat might end up creating more waste heat than the original waste heat.

Addressing this type of law would impact environmental law significantly because companies will be required to include a waste heat plan into their blueprints and financial budgets.  In addition, there will be more research conducted on the negative impacts of waste heat to the atmosphere and, state and federal governments will be forced to implement strict regulations on the emission of waste heat.  However, at the moment, companies are not obligated to use their waste heat or concern themselves with its effects after it is released.

To require employment of waste heat technology for clean energy may lead to Fourth Amendment issues because there is a lack of regulation on the amount of waste heat that can be emitted by companies.  By continuing to incentivize the transformation of waste heat into usable energy, more companies will hopefully participate.

 

Cherie is a 2L Staff Member of the Journal of High Technology Law at Suffolk Law.  She enjoys running and competed in the Track and Field 400m hurdles during her undergraduate program at Soka University of America, Aliso Viejo, CA. 

 

 

 

 

April 14, 2014

No Comments

Should Law Enforcement Officers be Allowed to Conduct a Warrantless Search of the Contents of a Cell Phone Seized Incident to the Lawful Arrest of a Criminal Suspect?

POSTED BY Caroline Carollo

Although we are living in the age of technology, there are still many unanswered questions as to how certain forms of technology fit within the legal world. Specifically, there is not a clear answer as to whether Fourth Amendment protections apply to one’s personal technology devices, such as cell phones and computers. However, it looks like we are finally going to be getting some answers. On April 29, the U.S. Supreme Court will hear arguments in two cases involving whether the police may search the contents of a cell phone seized incident to the lawful arrest of a criminal suspect.

In the first case, United States v. Wurie, Boston police officers arrested Brima Wurie for possession of crack cocaine after they observed him make a sale to another person. Mr. Wurie was searched and the police recovered two cellphones. While he was being booked, one of the cellphones, a Verizon LG flip phone, received various calls from someone under the name “my house.” Without obtaining a warrant, the police officers went through the call log on the cellphone and obtained the phone number that called from “my house.” The officers were then able to get the address associated with that phone number through an online directory. Although Mr. Wurie denied living at that address, the police believed he did live there and suspected that they would find a larger amount of crack cocaine there. When they arrived at this address, they saw a mailbox with Mr. Wurie’s name on it as well as a woman through the window that closely resembled the woman featured as the background picture on Mr. Wurie’s cell phone. The officers obtained a search warrant for the house and found 215 grams of crack cocaine and other contraband.

Mr. Wurie filed a motion to suppress the cell phone search, but a federal district court denied his motion. As a result, Mr. Wurie was convicted and sentenced to 262 months in prison. On appeal, a panel of the 1st U.S. Circuit Court of Appeals ruled 2-1 that evidence obtained in connection with the warrantless search of the cell phone should have been suppressed. The court looked at U.S. v. Robinson, 414 U.S. 218, 235-36 (1973), where the Court held that officers conducting a search incident to arrest may open and search through all items on the suspect, even when they are in a closed container. However, the 1st Circuit distinguished a cell phone from a purse or address book, arguing that the former is like a computer and contains information of a highly personal nature. Thus, the court held that warrantless cell phone searches were unlawful under the search-incident-to-arrest exception to the Fourth Amendment.

In the second cell phone case that the Supreme Court will hear, Riley v. California, David Leon Riley was pulled over by police officers for having expired tags. The officers discovered that Mr. Riley’s license was expired, and they impounded his car. Two guns were discovered during the inventory search of the car, and Mr. Riley was subsequently arrested. The police seized Mr. Riley’s cell phone, a Samsung smartphone, and conducted two warrantless searches of it. The first search occurred at the scene, where police went through the cell phone’s contents and believed that some words in the text messages and contacts were gang-related. The officers conducted the second search at the police station hours later. A gang unit detective searched the cell phone looking for evidence of other crimes and discovered photos and videos suggesting that Mr. Riley was a gang member. The detective also discovered a photograph linking Mr. Riley to a shooting that had recently occurred.

Mr. Riley was charged with attempted murder, and he was convicted based mainly on circumstantial evidence found in the photos. He was sentenced to 15 years to life in prison due to gang-related sentencing enhancements. Prior to the ruling in Mr. Riley’s case, the California Supreme Court held in People v. Diaz, 244 P.3d 501, 505-06 (2011) that the Fourth Amendment’s search-incident-to-arrest doctrine allowed police to search cell phones, even hours later, if the phone had been taken from the person of the arrestee. A state appellate court held that the Diaz decision controlled Mr. Riley’s case and the police searches of Mr. Riley’s cell phone were legal.

Courts have previously held that law enforcement officers are allowed to search an individual’s person and effects when they place them under arrest. Nevertheless, modern cell phones enable access to a significant amount of personal data, most of which is unrelated to the government’s reason for securing an arrestee. I believe that allowing police officers to conduct a warrantless search of a person’s cell phone following an arrest would be a substantial infringement on privacy and unreasonable under the Fourth Amendment. Furthermore, warrantless searches are unnecessary when there are procedures available that allow law enforcement to secure cell phone data while waiting for a judicial determination of probable cause.

In regards to what the Court will decide, I do not believe the Court will hold that all warrantless, nonconsensual cell phone searches are unreasonable. I also do not believe that the Court will hold that all searches of such devices are reasonable if conducted incident to a lawful arrest. Instead, I believe the Court will utilize a totality of the circumstances, case-by-case approach. Such an approach would balance the degree of intrusion on an arrestee’s privacy interest against the government’s justification for conducting the warrantless search.

January 7, 2014

No Comments

Use of Facial Recognition Software Raises Privacy Concerns

POSTED BY Michael Yacubian

Anyone remember that movie where Tom Cruise saves the world from the overbearing police state? No, not Cocktail. I’m talking about Minority Report, the one where he stops future crimes from happening by using “precognition”. Well, potential human psychic abilities aside, in the movie, after The Cruise ends up on the wrong side of the law, he has to get a shady black market eye transplant so that none of the numerous scanners can read him and report his identity while he walks through the central business district.

In a movie filled with “Police State” analogies, this is one of the lighter invasions of privacy, and yet it’s pretty scary to think about. What if the government, or any organization, could monitor your location just by recognizing your face? In a world with ever increasing availability of surveillance technology, the truth is that your face, as you walk to work, as you head home from dinner while out with friends, is being captured multiple times. And what’s even more frightening, once they have that image, it does not take leap and bounds to find out your identity. Facial recognition software, which keys in on features and analyzes size and shape of eyes, noses, cheekbones and jaws to find a match is surprisingly efficient.

The use of such facial recognition software recently came to fruition in Ohio, where without notice or debate or any kind, facial recognition software was implemented that allowed officers to take photos of potential suspects, and scan databases of driver’s license photos and police mug shots to identify crime suspects. One writer aptly described “The feet-on-the-ground equivalent would be having officers canvass a public area, grabbing IDs from anyone it wishes and running their records.”

Furthermore, Ohio is by no means the only state involved in such investigative technologies. The Washington Post reported that 37 states use facial recognition in driver’s license registrations. Twenty-six of these states also allow law enforcement — local, state and federal — to search or request searches of the database as photos could pertain to investigations.

It is obvious, this is a huge advantage to police investigations. But how far does it go? Examples of the successful use of this technology are forthcoming. In one case, during a heists of a New York Cab driver, a camera on the dashboard of a victim’s car snapped a shot of the gun-wielding suspect. The cops ran the photo through their face-recognition and compared it to the mugshot database, which brought them to a possible match. This technology is not only accurate, but saves time and money. Read more here.

However, the question remains, is the use of such facial recognition software an invasion of privacy that was designed to be protected by unreasonable search and seizure under the fourth amendment? The fact is, like in the case illustrated above, where they have a picture of a suspect, gun in hand (in this case), it seems plausible that probable cause exists. However, that is not always the case and it seems there is no threshold that needs to be meet when police use facial recognition.

So what kind of protection does the 4th amendment provide for such situations?

In the Katz case (Katz v. United States, 389 U.S. 347 (1967)), Justice Harlan laid out an explicit two-part test to determine if law enforcement activity constitutes a search under the Fourth Amendment: “[F]irst that person have exhibited an actual (subjective) expectation of privacy, and, second, that the expectation be one that society is prepared to recognize as ‘reasonable.’” Using this test, the use of a tracking device was ruled not be a search in accordance with constitutional protection because the search was within the public and no increased expectation of privacy existed. This two-prong test has become the de facto standard for determining whether a search has occurred.

However, more recent cases have continued to toy with this test and its application to newer technologies. In the Jones case (United States v. Jones, 132 S. Ct. 945 (2012)), where GPS technology was used to track a suspected criminal, the Supreme Court ruled that this was indeed an invasion of privacy and that the 4th amendment protected from this kind of intrusion. This case involved a physical intrusion, however the court goes on to suggest that “It may be that achieving the same result through electronic means, without an accompanying trespass, is an unconstitutional invasion of privacy, but the present case does not require us to answer that question.” United States v. Jones, 132 S. Ct. at 954 (2012).

In a concurring opinion, Justice Sotomayor suggests that cases of electronic or other novel modes of surveillance that do not depend upon a physical invasion on property, the court should consider whether people reasonably expect that their movements will be recorded and aggregated in a manner that enables the Government to ascertain, more or less at will, their political and religious beliefs, sexual habits, and so on.

So, does the use of facial recognition technology, the taking of pictures, and then the recognition of those pictures justify a search?

The line is still very murky. However, as the use of these technologies increase, and the awareness of their use, people’s expectations may change, and with this, may change the policy of what a reasonable person expects is an intrusion. The use of public surveillance may not be subject to any expectation, but what those surveillances are used for might be. The world that Sotomayor refers to, where the government becomes the all-knowing overseer, knowing who you are by where you have been, is the world that sci-fi thrillers have depicted for generations. Let’s just hope we don’t have to depend on Tom Cruise to save us from it.