Holiday Recap: Privacy Developments You May Have Missed While You Were on Holiday Break
Normally, the week between Christmas and New Years Day is a quiet one in the privacy and security front. This year you might have expected it to be doubly quiet, with the entire nation’s attention focused on the fiscal cliff (since the Mayan’s were wrong and the world didn’t end). Not so fast. It turned out to be a very busy time. Here are three of my personal highlights.
The FISA Amendment Reauthorization Act of 2012, HR 5949, was signed into law by President Obama, renewing without changing the government’s authority to intercept foreign communications carried on U.S. provider’s networks without a court order. This authority has been highly controversial and is subject to a Fourth Amendment Challenge in Clapper v. Amnesty International. For now, despite concerns expressed by a variety of sources, the FAA remains law for another 5 years unless struck down by judicial action.
The Tenth Circuit Affirms Kirch v. Embarq. Remember all the flap about NebuAd? On December 28, 2012, the Tenth Circuit ended the NebuAd Litigation against Embarq, affirming the district court’s prior decision that the plaintiffs could not state a claim against Embarq for diverting its subscribers traffic to NebuAd for deep packet inspection. In a clear victory that should make plaintiffs lawyers think twice before suing ISPs for accessing communications that travel on its own network, the Tenth Circuit found that where an ISPs access to communications is a result of its provision of communications services, access to such communications in the ordinary course of its core business as an ISP, can never be an interception. Thus, sending that stream of communications to a third party, such as NebuAd, cannot be an illegal interception. And because there can be no civil aiding and abetting liability for violations of the Wiretap Act, Embarq cannot be liable. The tenth circuit’s decision is even more important than the prior district court’s decision, which relied largely on consent. Under the Tenth Circuit’s analysis, consent was never necessary to begin with because Embarq never had more access to the communications of its subscribers through its partnership with NebuAd than it had in the course of providing ISP services. This is an important decision for any ISP thinking about using deep packet inspection.