• United States



by Sandy Kendall

How Long Can Courts Avoid the Issue of Privacy?

Jan 19, 20043 mins
CSO and CISOData and Information Security

Last weeks New York Times reported on a case of a rental car customer whose expected bill of $259.51 for 12 days came across the counter instead as $3,405.05. This was the result of a $1 per mile fee that applied because the renter had crossed the state (California) line. How did the car rental company know? A tracking device in the car allowed the company to create a map of the customers tour from San Francisco to Las Vegas and the Grand Canyon, then back along Californias scenic highways.

This type of use of telematicsa combination of satellite-based global positioning system, wireless communications and vehicle monitoring systemsisnt new. (CSOs sister publication CIO magazine reported in 2002 on a car renter surcharged by the rental company for speeding, though never stopped by the cops, via the same method.) But while similar situations and legal cases continue to pile upsituations that raise eye-poppingly obvious privacy issueslegal pros continue to ignore that particular elephant in the halls of justice. Instead they zero in on the less uncharted (and incidentally less news-making) territory of contract law.

In a particularly intriguing case recently, the Ninth U.S. Circuit Court of Appeals issued a decision in November stating that a lower court judge erred when he ordered an (unnamed) on-board vehicle navigation system company to help the FBI eavesdrop on conversations in a suspects vehicle. OnStar, ATX and similar systems now available in many cars have a wireless communication feature used to send distress signals from the car to the service company in the event of airbag deployment or of an emergency button being pressed. But unbeknownst to many consumers, that wireless connection can also be opened to listen to any sounds within the car. Like conversations. The legitimate reason for this is to track stolen vehicles. Those being listened to cant tell. But, and this is the contractual glitch that caused the court to rule in favor of the company, having the wireless connection open for bugging purposes deactivates the emergency functions. It thereby forced the company to violate its contract with a customer. Which is a legal principle judges feel comfortable ruling on. Privacy, on the other hand&.

The Electronic Privacy Information Center (EPIC) calls this particular ruling a pyrrhic victory for privacy. EPIC attorney David Sobel said, Although the bottom line is that the surveillance order was rejected, the real effect of it is that this kind of monitoring is permissible as long is does not interfere with the service.

Interestingly enough, this case is known only as The Company vs. The United States of America, and the opinion gives no clues about the criminal activity the FBI was hoping to track, and the underlying civil case is sealed. So you can find privacy (or is that secrecy?) some places.

But, as surveillance techniques and opportunities multiply, should we demand that privacy be defended more explicitly in the court? Or is it enough to defend it piecemeal, through tangential legal questions?