Articles Posted in Privacy


Google EspañaLast month, the Court of Justice of the European Union issued a preliminary ruling on the right of natural persons to privacy with respect to the processing of personal data. In the case, Mr. Costeja González, a Spanish national, had lodged a complaint with the Agencia Española de Protección de Datos (AEPD), the Spanish Data Protection Agency, concerning a then 12-year-old announcement in La Vanguardia Ediciones SL, a Spanish newspaper, that mentioned a real-estate auction connected with attachment proceedings for the recovery of Mr. González’s social security debts. Mr. González wanted his personal data in the announcement removed from the La Vanguardia website. In addition, he wanted Google Inc. or Google Spain to remove the La Vanguardia web pages from its search results.

The AEPD rejected the complaint against La Vanguardia because the Ministry of Labour and Social Affairs had ordered the announcement to promote the auction and secure as many bidders as possible. However, the AEPD upheld the complaint against Google Spain and Google Inc. The Google companies then brought separate actions before the Audiencia Nacional (National High Court), which stayed the proceedings and referred several questions regarding Directive 95/46 to the Court of Justice of the European Union.

In upholding the right of data subjects to have certain search results associated with their names removed from search engines, the Court of Justice stated that search engines may initially be able to process accurate personal data regarding a person. However, over time, this right may conflict with the Directive if such results are “inadequate, irrelevant or no longer relevant, or excessive in relation to those purposes and in the light of the time that has elapsed.” Accordingly, the right of privacy should be balanced against the economic interest of the search engine operator as well as the “interest of the general public in finding that information.” Continue reading →


lavabitThe Fourth Circuit Court of Appeals recently unsealed the documents in the FBI action against Lavabit, Inc – Edward Snowden’s email provider. In July of 2013, the FBI sought a search warrant in the Eastern District of Virginia. Rather than turn over the encryption key that would allow the government to read the emails that Snowden sent, and risking exposure for other clients of the service, Lavabit closed its operations. You can read about the case at Wired and Techdirt. We found the (unsealed) docket and have it featured here, with all of the filings.


papersThe Foreign Intelligence Surveillance Court has created a public docket for declassified opinions.

The documents have been released through the efforts of providers like Yahoo, Microsoft, and Google, as well as advocacy groups like the ACLU and the EFF, who filed requests to publish the opinions and filings in the FISC. Since FISA was enacted, the FISC and FISA Court of Review have only released a handful of opinions. The public docket gives us insight into the secret activities of the courts and their litigants.

The docket includes the following cases:

Docket No. 105B(g) 07-01: Yahoo

Yahoo Corp. sought permission to disclose its motion in opposition to surveillance requests after the PRISM program was revealed. The decision in that case was published in redacted form at In re Directives Pursuant to Sec. 105b of the Foreign Intelligence Surveillance Act, 551 F. 3d 1004 (Foreign Intel. Surv. Ct. Rev. 2008).  This is one of only two opinions ever published by the FISCR.

Yahoo argued that the opinion should be unredacted in light of (a) recent declassification decisions by the DNI (Director of National Intelligence), (b) the current controversy surrounding the use of directives under Section 702 of the FISA Amendments Act of 2008, and (c) recent litigation over the constitutionality of Section 702. They also cite the current public interest in the FISC in light of the Snowden leaks.

The US filed a reply taking no position, and the FISCR ordered the Government to conduct a declassification review of the briefs and redact any sensitive material, at which point the FISCR will issue a memorandum opinion. The deadline for that is July 29.

Case No. Misc. 13-04: Microsoft

Microsoft sought a declaratory judgment from the FISC authorizing disclosure of aggregate data about the number of FISC orders it receives and complies with. Microsoft explicitly mentions in the pleading that it seeks to correct the misimpression, furthered by inaccurate media reporting, that it provides the government with direct access to its servers and network infrastructure through the PRISM program.

Microsoft argued that the FISA and the FAA do not prohibit disclosure of these numbers, and that the secrecy provisions in these statutes are aimed at preventing disclosure of surveillance to the targets. They also argue that a prohibition on disclosure of this nature would be unconstitutional as a content-based restriction on speech, prohibited by the First Amendment.

Case No. Misc. 13-03: Google

A coalition of advocacy groups, led by famous First Amendment lawyer Floyd Abrams, moved to file an amicus brief in support of the Microsoft and Google petitions for permission to publish aggregate data. The Amici brief focused on the First Amendment implications of restricting the providers’ speech.

A group of press advocated and publishers also filed an amicus brief in support of the petition to publish aggregate data. Their brief focused on the First Amendment as well, but from the perspective of a “willing speaker,” and the heightened public interest in hearing what the speech.

Case No. Misc. 13-02: ACLU

The American Civil Liberties Union and the Media Freedom and Access Clinic at Yale Law School filed a motion to release FISC opinion that discuss the meaning, scope, and constitutionality of Section 215 of the Patriot Act, 50 USC 1861. They argue that (a) disclosure is required under the First Amendment and (b) the FISC has the authority to publish its own opinions, sua sponte, and public interest and the need for debate compels it to do so.

The brief argues that access to public opinions is deeply enshrined in common law, that Government officials, including President Obama, have called for a robust debate about the issue, and that access to the opinions interpreting the statutes are necessary in order to understand the scope of the law and properly inform the debate.

Several members of Congress filed a brief of amici curiae in support of the ACLU’s motion. They argue that disclosure is necessary to allow them to explain the surveillance programs to the public and to have an informed discussion in Congress about the scope and application of the law.

The amici argue that the Speech and Debate Clause, U.S. Const. Art. I §6 cl. 1 protects the open exchange of ideas in Congress, and supports the “informing function” of the Legislature. In times of crisis, Congress must be able to debate and inform the public, and a prohibition on access and speech about judicial opinions impairs this essential function.

The United States filed a brief in opposition, arguing that (1) the ACLU has already been denied by the Court (in an unpublished FISC opinion issued in 2008, and attached to the brief), which the ACLU did not appeal, and (2) the ACLU has no standing to make the motion, since it was not a party any relevant opinion. The Government also argues that, in any event, a declassification process is underway the the Government will release material if they deem it appropriate. It’s interesting to note that Attachment A is a memorandum opinion from the FISC, previously unpublished. That opinion holds that  any common law right to public access to opinions was pre-empted by FISA and its security procedures. It also found that the ACLU failed to demonstrate a First Amendment right of access.

The Court issued an Order requesting bar membership and security clearance for counsel associated with the case, with a deadline of August 9.

Case No. Misc. 13-01: EFF

The EFF filed a motion for declaratory judgement on the question of whether FISC Rules preclude the production of FISC opinions under a FOIA Request. The EFF filed a FOIA request for opinions in which the Court held that a surveillance request was unreasonable under the Fourth Amendment. The Department of Justice responded that it located the opinions but was barred from producing them under FISC Rules of Court.  The DOJ opposed the EFF’s motion, arguing that the determination was outside of the FISC’s jurisdiction. Essentially, the DOJ argues that only the agency has the discretion to release its records, and that the FISC does not have the authority to order the DOJ to do so. The FISC only has the authority to release its own records.

Attached to this opinion are Exhibits, including the EFF’s original motion to compel disclosure  – an interesting glimpse into how FISA is dealt with in a federal district court.

The FISC concluded that its jurisdiction over the matter was appropriate, and that FISC Rules do not bar production of its opinions.  It found that FISC Rule 62 does not have the effect of sealing FISC opinions, and that the Executive Branch is fundamentally responsible for safeguarding sensitive national security information.

The underlying FOIA action is ongoing. You can follow it on Justia Dockets.



331490_big_brotherAccess to opinions and codes is of particular interest to the bloggers at Justia. We complain mightily about private citation formats, paywalls to codes and caselaw online, privatization of court services and filings, and the government’s overall failure to provide us with official, free access to the public record. Last week’s news about the reauthorization of the FISA Amendments Act, however, highlights an altogether different problem of access to the law: secret, sealed court opinions from the nation’s Foreign Intelligence Surveillance Act Court. This body of law is not available for free or for purchase. It is sealed and hidden from the American people.

There is plenty of news coverage about the Act, and plenty of opinions online about the threat it poses to the freedom and privacy of Americans and non-Americans here and abroad. I’d like to highlight the problem of access to the output of the FISA Courts, and why we are still in the dark about their decisions – decisions that are legally binding precedent but that we know nothing about. Continue reading →


On November 30, Google was hit with yet one more class action lawsuit over Gmail’s method of scanning emails to deliver personalized advertising to its users. The named plaintiff in this case, Kristen Brinkman, filed the lawsuit in the U.S. District Court for the Eastern District of Pennsylvania.

Like in the other cases, this case alleges that the way Google automatically scans the emails of its Gmail users to deliver personalized ads is unlawful. The complaint cites Pennsylvania’s Wiretapping and Electronic Surveillance Control Act, 18 Pa. Cons. Stat. §5701 as prohibiting the behavior in which Google allegedly engaged.

There is nothing unusual about this case as compared to any of the other related cases filed against Google (in California, Florida, and Illinois). The complaint lays out as the proposed class of plaintiffs “[a]ll natural persons located within the Commonwealth of Pennsylvania who sent e-mails from a account e-mail address to an account e-mail address the owner of which was also located within Pennsylvania from within” the statute of limitations.”

Theoretically, there could be a similar state-wide class action lawsuit in every state with an applicable statute, as well as one with a nationwide class raising federal claims. Likely we will see more and more of these cases crop up across the country until the question is fully resolved.

Complaint in Brinkman v. Google, Inc.


Yesterday, November 29, Brent Matthew Scott filed a class action lawsuit against Google, Inc. in the U.S. District Court for the Northern District of Florida. The lawsuit alleges that through its Gmail product, Google violated state laws against wiretapping.

Specifically, the complaint alleges that Google intercepts the plaintiff’s emails (and those of the entire class of plaintiffs) before they reach the intended recipients, in violation of the Florida Wiretap Act, codified at Florida Statute § 934.03.

Most of the lawsuits against Google that are brought under state and federal wiretapping laws have alleged that Gmail’s automatic scanning of emails for personalized ad placement violates state and federal law. However, the present lawsuit does not elaborate on the nature of Google’s alleged violations other than to say that the provider “intercepts” the emails.

As written, the complaint may not be sufficient to take the lawsuit very far. Under the precedent set by the U.S. Supreme Court’s decisions in Ashcroft v. Iqbal and Bell Atlantic Corp. v. Twombly, a complaint must make a “plausible” claim for relief to survive a motion to dismiss. To be plausible, a complaint must make allegations beyond mere legal conclusions; these conclusions must be supported by factual allegations. The bare assertions in the complaint as filed may fall short of this requirement, but the court may allow the plaintiff to amend the complaint and re-file it.

However, if this case shapes up like the other Gmail scanning cases, even a well-pleaded complaint may find difficulty winning the case on the merits, as explained in prior posts here on Onward.

Complaint in Scott v. Google, Inc.


Yesterday, Google was named in a class action lawsuit by a plaintiff identified only as “A.K., as next friend of minor child J.K.” Filed in the U.S. District Court for the Southern District of Illinois, the lawsuit alleges that Google has violated (and continues to violate) the Electronic Communications Privacy Act of 1986 (the “Act”) and various state privacy laws by its “intentional and willful interception, scanning, and use of” emails sent to and from J.K., a minor child.

The plaintiff claims to represent similarly situated minor children in the state of Illinois and alleges, among other things, that Google’s Gmail product violates federal and state law. Section 2511 of the Act makes punishable anyone who “intentionally intercepts, endeavors to intercept, or procures any other person to intercept or endeavor to intercept, any wire, oral, or electronic communication.”

This is not the first time Google has been sued for Gmail’s use of email scanning to deliver personalized ads. In November 2010, Keith Dunbar filed a lawsuit in the U.S. District Court for the Eastern District of Texas alleging the same violations. The case was transferred in June 2012 to Judge Lucy Koh on the U.S. District Court for the Northern District of California and is still in discovery at the time of writing.

The present lawsuit differs from the original only in that it emphasizes the minority status of the alleged victim, but that is unlikely to make a difference in the outcome, if experts criticizing the original lawsuits are correct about their assessment of why Google is not violating any laws. In essence, experts and Gmail’s privacy policy concur that because no one actually receives the contents of any private emails other than the intended recipient, no laws are violated in the automated scanning of the emails for advertising purposes. Technology law expert Eric Goldman has described the Dunbar case as an “are-you-kidding-me?” case, so that does not bode well for the plaintiff in that case, or in the present one.

That this case involves a minor child (rather than an adult) should not make a difference in the interpretation of the federal statute, but it may affect the availability of state law remedies.


The European Union (EU) is expected to announce legal action against Google for allegedly violating EU law by failing to give users a choice to opt out its new privacy policy, according to The Guardian.

The French data commissioner, known as the ‘CNIL’ or Article 29 Working Party that has authority concerning protection of individual personal data, is anticipated to require that Google undo its recent privacy policy changes. The effect could be far-reaching, not only in Europe, but worldwide as governments scrutinize Internet privacy policies and their impact on users.
Continue reading →


In a Solomonic ruling, Manhattan Supreme Court Justice Manuel Mendez recently denied a defendants’ sweeping Notice to Admit social media account postings by a personal injury plaintiff in Carr v. Bovis Lend Lease (read the decision below). In New York, unless a party objects to another’s pre-trial Notice to Admit, they run the risk of admitting something they don’t disagree with, potentially helping another litigant through inaction. In Carr, the defendants’ Notice to Admit sought to have plaintiff admit to making Facebook, Twitter, and other social media postings online, even though plaintiff only acknowledged having a Facebook account.

Here, Justice Mendez gave each party a little victory, and perhaps a setback too.
Continue reading →


On Wednesday, New York City unveiled a new surveillance system powered by Microsoft that would provide near-real-time analysis of camera footage across the city. In its press release, the City boasts that the system features “the latest crime prevention and counterterrorism technology.” The security-minded among us may cheer this development as providing heightened protections against terrorism and other planned acts of violence, but for those of us who are more interested in privacy, this announcement reeks of “Big Brother.” Continue reading →