HeLa’s Immortal Cell Lines

The development of “immortal” cell lines led to major improvements in research and experimentation; unlike most cells, these cells do not die of old age.  Immortal cell lines are significant because of their ability to grow indefinitely and to survive being divided and shared; these traits allow scientists to engage in more productive research.  Scientists created the first immortal cell line, dubbed HeLa, almost 60 years ago, in the 1950s.  Since then, scientists have used HeLa cells to develop the polio vaccine, as well as drugs that treat Parkinson’s disease and leukemia.  Scientists even sent cells from the line into space to aid in research on the effects of zero gravity on human tissue.  Overall, scientists have produced more than two thousand pounds of these cells, the sales of which have generated millions in profits.

The Personal Side to the Story

Recently, renewed interest in this cell line has focused on its origin rather than its results.  In this case, scientists named HeLa cells after the patient in whom they first found them: Henrietta Lacks.  Lacks suffered from a particularly virulent strain of cervical cancer and, after unsuccessful radium treatment, died in 1951 at Johns Hopkins Hospital, Maryland.  Without Lacks’ knowledge or consent, her doctor shared a sample of her tumors with a researcher, Dr. George Gey, intent on developing an immortal cell line.  With Lacks’ tumor cells, the researcher succeeded in making the line that led to medical advancements and high profits.

This behind-the-back cellular research and development story has recently become the subject of controversy.  “Tissue rights” scholars now question whether or not patients should retain any control over cells removed from their body.  Currently, cells be bought and sold without the patients’ permission, but tissue rights advocates suggest that these often-unwitting donors deserve a share in the profits their cells eventually reap.

Complicating the issue is the fact that some believe Henrietta Lacks’ story to primarily be a “case of a black woman whose body had been exploited by white scientists.”  The contrast between her children and grandchildren’s continued poverty and the vast profits made from commercializing the HeLa cell line heightens the feeling that the scientists responsible cheated Lacks and her family.  Also troubling is the fact that researchers continued to collect genetic material for the purposes of HeLa cell development from these family members long after Lacks died, under the guise of routine cancer screening diagnostics.

Legal Complications

Given the current state of the law, the Henrietta Lackses of the world have a hard argument to make if they believe they deserve a share of the profits.  In a similar case in the 1980s, researchers removed the spleen of John Moore as part of his leukemia treatment.  Recognizing the unique scientific and financial potential of Moore’s particular cancerous cells, his doctor promptly developed a cell line from the extracted lymphocytes, patented the line, and licensed it for hundreds of thousands of dollars.  The doctor also gathered samples of Moore’s blood and other tissue on future visits; he told Moore’s that his continued health depended upon such testing but did not reveal that he was keeping the samples to aid in his research.  The resulting cell line, Mo, now has a market value of around $3 billion.

When Moore discovered these lucrative results he sued for his share of the profits. The California Supreme Court, however, rejected his suit, holding that Moore did not have a property interest in the cell line developed by his doctor and that his rights to privacy and dignity were sufficiently protected by the doctrine of informed consent.  The court also pointed out that certain laws seem designed to prevent patients from retaining their organs after their removal.  The court did concede, however, that the doctor’s financial motives should have been disclosed to Moore.

The current regime is one where tissue or cell samples removed from a person’s body are tissues or cell samples in which that person has no property rights.  Today, patients who undergo surgery often sign forms that specify whether any removed tissue may be used for research purposes.

Looking Ahead

The nagging feeling that scientists and doctors treated Henrietta Lacks and John Moore unfairly remains.  It can be unsettling to know that doctors have hundreds of thousands of dollars worth of incentives to operate on or take samples from their patients.  Moreover, as Lacks’ family knows, once tissues have been excised from our bodies, the feeling that they are part of us can remain; the immortal HeLa cell line will always be Henrietta Lacks to her family.

Among the companies targeted for criticism are Google, Amazon, McAfee, Yahoo, eBay, Microsoft, Apple and Verizon. These hearings may mark the beginnings of legal changes that could require information and communications technology companies to protect users’ rights overseas. The potential legal ramifications of these changes are unclear at present, though they are the subject of heated debates, as we will see below.

The Senate Hearings

U.S. Senator Dick Durbin of Illinois chaired a hearing before the Judiciary Subcommittee on Human Rights and the Law on Tuesday March 2^nd to review the practices of information technology companies in countries that restrict free access to the internet.

Senator Durbin sent letters to thirty companies requesting information on their business practices in China and other countries that censor the internet. The senator also encouraged companies to join the Global Network Initiative (GNI), a group of corporations, academics, human rights groups, investors and others committed to protecting internet users’ rights to freedom and privacy according to a specific code of conduct. (As of now, only the original three member corporations have joined the GNI, which is discussed further in the section below. ) The GNI submitted a written statement for the hearing, available here, which stresses the need for more communication between companies in the information and communications technology sector in order to identify important human rights issues. The GNI also affirmed its view that there is a strong need for more corporations to join the GNI and commit to its principles.

Testifying at the hearing were Michael Posner (Assistant Secretary of Human Rights, Democracy and Labor at the State Department), Daniel Weitzner (with the National Telecommunications and Information Administration of the Department of Commerce), Nicole Wong (Google’s Vice President and Deputy General Counsel), Rebecca MacKinnon (Visiting Fellow at Princeton University’s Center for Information Technology Policy and a drafter of the Global Network Initiative), and Omid Memarian (an Iranian blogger living in the U.S. since his release from detention by the Iranian security services in 2004).

Mr. Memarian testified about how his website was shut down—not by the Iranian government, but by his American domain and host provider, because of restrictions on transactions with Iran. He discussed how such restrictions and sanctions prevent Iranian dissidents from downloading software (including, for example, Google Chrome) and publishing their opinions. He also made several suggestions about how the U.S. government and American corporations could provide technologies that would help promote internet freedom in Iran, and further argued that a freer Iran would greatly help the security of the region.

Nicole Wong’s testimony reviewed Google’s recent problems with China and affirmed Google’s unwillingness to keep censoring search results for Chinese users. She stated that Google would “reconsider [their] approach” in China if the situation worsened after more monitoring. Beyond restating Google’s decision to stop censoring search results in China, she did not commit to any concrete action. However, she discussed various strategies that governments could use to combat censorship. She also analyzed the issue from an economic perspective, elaborating on the damaging effects of internet restrictions on both the “host” country and on foreign companies.

Rebecca MacKinnon testified about authoritarian regimes’ exploitation of the internet to cement their power and suppress dissent. Ms. MacKinnon discussed and countered the view, popular in the 1990s, that the internet by its nature would elude and eventually defeat authoritarianism. It was then widely believed that no government could truly stop the spread of information over the internet. The internet, the theory went, would be an invaluable and unstoppable weapon in the hands of dissidents.

Contrary to predictions, as China and Iran in particular have demonstrated, authoritarian governments have adapted to and co-opted the internet. Filtering, deletion of content by internet companies, cyber-attacks, politically motivated law enforcement, and device-level controls are the major techniques a government may use to control the spread of potentially threatening information over the internet.

Mr. Posner and Mr. Weitzner made general comments in support of internet users’ liberties and of using business regulation to promote free exchange.

The Corporations’ Response

The point of the hearings, as suggested by Senator Durbin’s letters to the various companies, was to highlight the role corporations can play in either reinforcing or undermining government surveillance and control of the internet. Senator Durbin’s opening remarks discussed how pressure from U.S. companies and the government influenced the Chinese government to back down from its decision to require all computers sold in China to include filtering and information-gathering software. Ms. Mackinnon also discussed ways in which corporations could fight internet censorship, from locating servers outside the territories of authoritarian countries to refusing to comply with informal demands from governments to creating surveillance-circumvention technologies.

However, only three corporations in the sector have committed to the GNI code of conduct: Google, Microsoft, and Yahoo. Whether these companies will adhere to the code of conduct is uncertain, as the New York Times points out.

Additionally, AT&T, Skype, and McAfee have committed to discuss joining GNI.  Facebook and Twitter were invited to send representatives to the hearings but declined. Senator Durbin expressed his disappointment in this unenthusiastic but probably inevitable response.  Without legal pressure, it is unlikely that corporations will take actions against their own self-interest by defying laws in countries where they do business.

Possible Legal Consequences

At this time, enactment of any new legislation is far off. The bulk of lawmakers’ attention is focused on exhorting companies to voluntarily comply with GNI standards.

However, many have made legislative proposals and suggestions. For instance, Rebecca MacKinnon has argued for legal changes allowing targets of state repression to sue U.S. companies who turned over information on them. Additionally, Senator Durbin is working on legislation to compel companies to either defy censorship overseas or face civil or criminal penalties at home, the St. Louis Post-Dispatch and PC Magazine report. He has not stated what actions would trigger these penalties under the hypothetical bill. However, this is not a new idea: some activists have been proposing the Global Online Freedom Act (GOFA) for years, as the Guardian reports, which would make it illegal for a U.S. company to provide information or technology aiding restriction of internet services. Brendan Ballou, who blogs on Harvard Law Professor Jonathan Zittrain’s website, analyzes some aspects and limitations of the GOFA here.

Criminal or civil penalties in the U.S. may simply present U.S. companies with the following calculation: will defying the U.S. law cost them more or less than circumventing internet restrictions in China or Iran? The efficacy of such a bill is questionable. It may present some companies with a difficult choice: they must either violate the law at home, or abroad. Furthermore, many of the technologies that make internet-restriction possible were developed in U.S. and European countries at the behest of their governments, to aid in lawful surveillance in those countries. Nokia Siemens made this point in response to a European Parliament resolution condemning its technological aid to the Iranian government and calling for a ban on surveillance technology exports to certain countries, as Ars Technica reports.  This suggests that the scope of the bill will have to be very clearly defined if it is to differentiate between surveillance carried out in the most repressive countries and surveillance in western democracies.

• Out-Law reports on a US District Court for the Northern District of California case that clarifies how damages for groundless claims of copyright infringement should be determined.

• Apple is suing HTC over infringement of its user interface patents, but it’s really Google it’s after, says IP Watchdog.

• RealNetworks drops its appeal against a ruling declaring that its DVD-copying software violated the DMCA – Wired reports.

• Is it the car or the driver’s fault? Toyota recall casts doubts on driver’s conviction, says Autoblog.

• BusinessWeek reports that Google is pushing for the U.S. to take a WTO action against China over internet censorship (and see our recent post on the subject here).

• Are you liable if you forward a defamatory e-mail with introductory comments? Eric Goldman reports on a recent California appeals case.

• The E-Commerce Times wonders whether Microsoft is behind Google’s recent antitrust troubles.

• Netflix is being sued for its deal to delay the availability of Warner Brothers DVDs, reports the New York Daily News.

• Out-Law opines that the convictions of Google executives in Italy is not just about Italian law – the problem is with the EU directives Italy implements (see our post on the case here).

• Is that really Yao Ming’s Twitter page?  Twitter is testing out a new verified account feature for celebrities.  See our old post on Twitter-squatting here.

Ragbag security legislation

The bill is a ragbag of security-related provisions, spanning a diverse range of issues such as online identity theft, video surveillance, stadium violence, and dangerous driving. The law apparently also authorizes the French authorities to use malware to obtain evidence on criminal suspects, for example by covertly uploading software to their PCs to log their keyboard inputs. While the express purpose of the bill is to set out the framework for the operations of law enforcement agencies for the next five years, it focuses particularly on the technical means that can be employed by the police and judges.[2]

The provision that has proven most controversial is draft article 4, which provides for the filtering, on the authority of ministerial orders, of websites hosting child pornography. The 312 to 214 vote in favor by the Assemblée is unlikely to mark the end of the controversy, as the upper house, the Sénat (Senate) has yet to debate and approve the law. This post considers the text of the provision and the debates surrounding it, before comparing the proposal to similar proposals and existing filtering systems around the world.

Filtering by ministerial order

Draft article 4 is explicitly targeted at, and limited to, the “requirements of the fight against images or representations of minors” prohibited by the Code Pénal (Criminal Code), i.e. child pornography. There is no leeway under the current wording of the article for blocking sites other than those which provide access to child pornography. In terms of procedure, as pointed out by the Ministry of the Interior’s press release on the law, “the rule is simple: the Minister for the Interior communicates to ISPs a blacklist of sites and online content to be blocked, and it is the ISPs who prevent access to those sites and content from computers located in France.”

Legislative Debates

Article 4 was one of the main points of contention in the legislative debates over the bill. According to Le Monde, the (right wing) majority accused the left, which opposed the bill, of turning a blind eye to the kind of materials easily available online. The left, on the other hand, protested against the “diabolization” of the internet, a hostility which Green députée (Representative) Martine Billard sees as rooted in the government’s frustration with its inability to control the internet. The opposition further attacked the bill on the grounds that it fails to address either the victims of the crimes at issue or those who create the images, but rather focuses only on the means of transmission.

Procedural Safeguard

One crucial amendment to the bill was introduced during the debates in the Assemblée Nationale by député Lionel Tardy, a member of the majority UMP party. The amendment requires the approval of a judge before the ministerial order to block a given site can be put into effect. According to Le Monde, the bill sponsors expressed their reservations regarding this amendment (and in particular its potential to slow down the enforcement procedure), but in the end chose not to oppose it. This decision may have been based on a recognition of the validity of the opinion of the Commission des Lois (Law Commission), which was of the view that the absence of this procedural safeguard could lead to the law being struck down as unconstitutional (as happened to the HADOPI law last year).

Criticism

None of the critics of LOPPSI argue that child pornography ought not to be fiercely cracked down on. Rather, a leading theme of criticism of the bill is a concern that, by enshrining a ministerial power to order the blocking of internet sites, LOPPSI lays the foundations for a system of internet filtering that could easily outgrow its original purpose. French cybercrime expert Guillaume Lovet (quoted here), notes that the legislation gives the French government a “foot in the door,” and observes that it reflects a growing international trend of “legislate first, address accountability later.”

Blogger Jean-Michel Planche notes that, if the law is passed, the internet will become the first infrastructure network (e.g. roads, electricity, gas, postal services) to come under the control of the Ministry of the Interior, and wonders what implications this may have as the internet’s role as a platform for all kinds of social and economic exchanges grows.

A number of critics have also questioned the effectiveness of the bill, remarking that this type of ISP-level filtering would do little to prevent the determined and tech-savvy from accessing offending websites, for example through virtual private networks (VPNs) (see e.g. this online LOPPSI forum).

International trends

The explanatory notes to LOPPSI mention the fact that “neighboring democracies” such as Denmark, the Netherlands, Norway, Sweden and the United Kingdom have put in place technical measures enabling the blocking of access to specified sites from within their territories (though these have not been formalized in LOPPSI-like legislation; Le Monde provides a useful map which identifies various countries around the world which have adopted targeted filtering of child pornography sites). The experience of filtering in these countries is not encouraging with regard to the accountability of blacklisting systems.

The blacklists maintained by a number of countries, including Denmark, Norway, Australia and Thailand, have been leaked through Wikileaks over the last few years. The Thai government’s blacklist, aimed at child pornography, allegedly included 1,203 political sites which were thought to criticize the Thai king, in breach of Thailand’s strict lèse majesté laws (see ZeroPaid post here). But even in the case of western democracies, blacklists have been accused of being open to abuse: Forbes reported that the blacklist compiled by the Australian Communications and Media Authority, which is meant to target child pornography and terrorist websites, was found to include the websites of a tour operator and a Queensland dentist’s practice. The U.K. filtering system came under fire in 2008 when it was found that six major British ISPs had blocked access to a Wikipedia page which contained an image reproducing a controversial Scorpions album cover (see report from The Register).

An interesting contrast to LOPPSI is the fate of a recent German filtering proposal, the Gesetz zur Erschwerung des Zugangs zu kinderpornographischen Inhalten in Kommunikationsnetzen (Law on the Restriction of Access to Child Pornography Content in Communication Networks), which was initially approved in the summer of last year by the German lower house, the Bundestag (see Deutsche Welle report). Unlike the French bill, the German law would not have blocked access to the offending sites but would have thrown up a warning page displaying a large red stop sign. The stop sign would notify web users of the nature of the content they were seeking to access, but nevertheless allow the users to proceed if they so choose. The proposal met with considerable public opposition, including an online petition signed by more than 130,000 people (the biggest online petition in Germany to date). Elections in September 2009 resulted in changes to the governing coalition, and the liberal FDP made it clear, during the talks that led to it joining the government, that it would not support the filtering provisions. The filtering strategy was formally dropped on Feburary 8, 2010, in favor of a policy targeted at deleting offending websites rather than blocking them (see Opennet report).

Conclusions

Looking at the wording of article 4 of LOPPSI alone, the concerns of some of the bill’s critics may seem overblown. Few dispute the pressing need to fight the dissemination of child pornography online. Even if ISP-level filtering is unlikely to deter the most resourceful seekers of such content, what limiting effect it does have must surely be welcomed. Regarding the criticism that the bill focuses only on intermediaries, it is clear that other legislation targets the creators of child pornography. Furthermore, in many areas of law enforcement, targeting intermediaries often proves to be the most effective means of achieving effective enforcement. Regarding blacklists, there is a valid argument that releasing the blacklist publicly could compromise the aim of suppressing access to the sites concerned, as it would provide potential offenders with an “address book” of prohibited sites, which the more tech-savvy could then easily access. However, the patchy record even of liberal democracies suggests a strong need for accountability mechanisms in the administration of any kind of blacklist system. In this respect, the amendment introduced by Mr. Tardy is a welcome and necessary procedural safeguard. Nevertheless, there is little doubt that its sufficiency, and indeed the legitimacy of any kind of filtering strategy, will be much debated as LOPPSI makes its way through the French legislative process.

[2] Note that French criminal judges can be much more intimately involved in investigation and evidence gathering than their common law counterparts.

This article focuses on one of, and perhaps the most important of, these issues: ownership in a virtual world.

The New Frontier

The parameters of what constitutes an MMORPG  are ill-defined, and the category itself houses a nearly innumerable listing of sub-genres distinguished only by arcane and often community-constructed differences. It is safe, however, to assume that the core elements an MMORPG revolve around player choice; MMORPGs invariably allow creation of a personalized and unique identity or avatar, in-game item collection or creation, and social interaction on a grand scale. MMORPGs of this type are popular – Activision Blizzard’s MMO, World of Warcraft, boasts millions of subscribers – and they are myriad. They have working economies and currencies complete with, through the magic of “gold farming” (paying people to earn in-game money on one’s behalf), exchange rates into Yen, Dollars, and Euros.

As the above suggests, the cornerstone of any online gaming experience is identity, here a construct roughly defined by the juxtaposition of a player’s quasi-physical avatar (referred to thus because of its bridging function between the virtual and the real, the player model a graphical representation anchoring an online identity to the game space) with their online actions, reputation, and inventory. The current regime seems generally satisfied with persistent developer control of that identity; after all, this provides a simple solution to policing and enforcing terms of use in the form of the wholly justifiable at-will banning and account termination that follows from such an ownership structure. EULAs (end user license agreements) serve as the legal backbone to this, relying upon contract law to essentially codify the status quo in a game-by-game fashion.

Scholars, however, are beginning to question the continued durability of such an arrangement. The most immediately pressing crack in the developer-control dam is perhaps also the most tangible: ownership rights with respect to items acquired. While nearly all MMORPGs offer a selection of “things to do,” including occupations, “player vs. player” (or “PvP” as it is colloquially known) sport and combat, and attending holiday events, the clearest and most developed method of character progression, and therefore the most elemental piece of the identity jigsaw, is the acquisition of items, or “loot.”

The Importance of Loot

Why is loot so important? The answer to this becomes obvious once one realizes that a newly looted shield provides more than a cosmetic improvement. Indeed, it provides more than even a boost to a player character’s statistics; it directly contributes to the uniqueness of that player’s identity. It is a status symbol, a way to differentiate, a trophy, an accomplishment. Loot is critical to the experience, critical to what constitutes “living” in the virtual landscape. While unchecked materialism is often subjected to derision in the physical world, such materialism currently serves as the very foundation of the virtual.

Loot and the law

Legally, however, this loot is essentially unprotected. A developer or administrator (a super-identity charged with keeping order in the virtual world) can strip a player’s inventory at-will, loot can be “ninja’d” (stolen off of an enemy’s corpse by a group member without going through previously agreed upon loot sharing procedures), and guild banks (shared storage spaces for online groups) can be emptied by unscrupulous guild leaders. There are literally no repercussions outside of reputational loss to any of these actions. Generally, if something you have “owned” is taken from you, however unjustly, the legal system will not provide a remedy.

This is the way things are, but is this the way things should be? Consider that it can take hours to organize and lead a dungeon adventure, and such organization often includes the formation of what are, basically, oral contracts with respect to responsibilities, loot sharing, and more. Additionally, it often takes days of in-game time for each individual member of that group to prepare. Each must progress through multiple phases of “gearing up” (acquiring preliminary items and armor), “leveling up” (improving a character’s abilities through completion of various objectives), and meta-gaming (educating oneself on game mechanics and enemy strategies). Players indirectly pay for the items they acquire using real money, via both subscription fees and the up-front purchase price of the game. Some scholars believe that these very characteristics, comparable to easy-to-understand real-world concepts like “paying for something” or “earning something,” may justify fashioning legal protections akin to those found in real-life property and contract cases.

Beyond the fundamental fairness concerns raised above, there are also questions of practicality plaguing proponents of developer-control. While EULAs can – and currently do – regulate player-to-developer interactions, there is no institutional framework in place to handle looting rights with respect to player-to-player scenarios. Without a background set of legal principles governing loot control, the resolution of loot disputes either depends upon a developer’s arbitrary, unguided, and procedurally insecure case-by-case judgment (the typical “solution” provided by EULA attempts to regulate player-to-player disputes, arbitrary because said EULA logically cannot preemptively codify answers to every possible dispute) or, as is more often the case, does not occur at all. Individual contracting with every potential player in the virtual world is, for obvious reasons, impossible.

Yet, simply extending real-world property rights into the virtual domain may not be the best solution. For example, characteristics fundamentally unique to their virtual nature, such as the collective use of a single avatar by groups or the possession of multiple avatars by an individual, may preclude the direct application of real-life rights to these online identities. Moreover, legal approaches too restrictive or too reminiscent of the real-world may undermine the escapism that most gamers find so initially captivating, and may apply pressure on potential developers to create games in other genres (or not at all). Players have made various stabs at solving these problems themselves, e.g., through creative use of reputational loss and pseudo-currencies, often nicknamed “Dragon Kill Points” or DKP, divvied out by agreement and based upon participation and good behavior. Unfortunately, these systems are limited by their inability to deal with actors unwilling to submit to continued group scrutiny. Taken to their logical conclusion, these systems can thus encourage the proliferation of insulated groups, fostering elitism and undermining the spirit of the online gaming community.

What can be done?

Virtual worlds are facing old problems but require new solutions. Thankfully, it is precisely in the uniqueness of these worlds where such solutions may be found. Indeed, the intrinsic mutual exclusivity of these realms vis-à-vis the real world and other virtual worlds lends them an experimental quality. Can these virtual worlds be used to test out new legal rules and regimes? With significantly more limited ramifications than those sure to follow from adopting broad reforms or innovations in the real world, as well as millions of players ready to serve as test subjects, the answer may be yes.

For additional reading: New York Law School: State of Play Volume 49 (a collection of scholarly articles by legal experts discussing the developing state of the virtual landscape)

• The Pentagon will now allow troops access to online social media like Twitter, YouTube, and MySpace, Business Weekly reports.

• The Federal Energy Regulatory Commission has given Google a license to trade energy on the wholesale market, as The Register reports.

• Notifications of website privacy policies do not appear to actually protect online privacy, the New York Times observes.

• From Computer Weekly: Pentagon hacker Gary McKinnon will have a new court date to determine whether he should be extradited from the United Kingdom to the U.S.A.

• BBC: Italy convicts Google executives for allowing the posting of a video of the harassment of an autistic teenager (see our earlier post on the case here, and Google’s official response here).

• All Facebook: Facebook gets a patent on its news feed.

• From CNET: Google’s Street View map photos do not conform to European Union privacy standards.

• A federal judge in Alexandria, Virginia, gives Microsoft a victory by ordering the deactivation of hundreds of e-mail addresses allegedly linked to spammers, reports the Wall St. Journal.

Last year, we published his article, The Devil in the Details: A Critique of KSR’s Unwarranted Reinterpretation of “Person Having Ordinary Skill”.  It has since been selected for inclusion in the Patent Law Review, an annual anthology published by West, as one of the best patent articles published in the last year.

Congratulations Professor Dzeguze!

• As it launches its cloud computing platform, Azure, Microsoft calls for federal regulation to clarify many of the open legal questions surrounding cloud computing, says the MTTLR Blog.

• Ten years after it applies, TiVo is granted patent for season pass subscriptions, writes Gizmodo (see our recent post on TiVo’s patent battle with Microsoft here).

• INFO/LAW recommends a Paul Ohm paper arguing that statistical techniques are eroding the effectiveness of anonymization of data, with great implications for privacy law.

• The Third Circuit revives the hopes of Mr. and Mrs. Boring, who sued Google in trespass after a Google Street View car drove down their private driveway, writes Eric Goldman.

• Ephemerallaw reports on the looming compliance deadline for the Massachusetts Data Security Law.

• Rob Tiller of Red Hat argues for calling a troll a troll at Opensource.com’s law channel.

• Mashable reports that the U.S. Department of Justice and the European Commission have given the go-ahead to the Microsoft-Yahoo deal that will see Yahoo’s search engine powered by Bing technology.

• The controversy surrounding Google’s Buzz is not confined to the U.S. (see our post): the Canadian Office of the Privacy Commissioner is also taking a look, says CBC News.

• Further afield, Indian IP blog Spicy IP considers whether the Indian Reprographic Rights Organisation (IRRO) might challenge the Google Books settlement, on the basis on India’s stricter “fair use” standard.

• It’s not just China: European security and rights watchdog, the Organization for Security and Co-Operation in Europe, calls on Turkey to reform or abolish its restrictive internet law.

• And also in Europe, Out-Law gives a round-up of just-decided and upcoming litigation involving trademarks and keywords.

Opting in vs. opting out, and the difficulties of opting out

Google automatically enrolled all Gmail users into Buzz without permission, rather than giving them the choice to opt in. Users could opt out after the automatic enrollment, but they could not avoid enrollment in the first place. And Google initially made things difficult and confusing for users who wished to opt out. The “turn off Buzz” button at the bottom of the Gmail inbox screen did not actually turn off Buzz unless the user deleted her Google profile and blocked her followers, as CNET reported. This initially confused many users although, as CNET explains here, Google has now made disabling Buzz much easier in response to complaints.

The cause of the outcry

One major cause for complaint was the way Google took users’ private e-mail address list and made them public in Buzz. The outrage over Google’s action highlights one of the few clear public-private boundary expectations that exist in online communications: we do not expect our e-mail communications or contacts to be known to our personal acquaintances.  On Facebook, those we have “friended” can generally see each other. But in e-mail, we do not expect each of our e-mail contacts to be made aware of each other simply because they’re in the same address book.  The myriad personal implications of this are obvious.  For example, people do not necessarily want their former significant others to know the e-mail addresses of their current partners. The consequences of this privacy breach can be severe: one blogger found her address book exposed to her abusive ex-boyfriend, as the New York Times reported. Furthermore, as the Times went on to explain, dissidents under authoritarian regimes have reason to fear their contacts being made available to any casual governmental monitor.

As Ars Technica commented, these problems arose directly from Google’s attempt to use information given by its users in a private context (e-mail) by linking it to a public service. Furthermore, Google also took public information (public Picasa Web Albums and Google Reader shared items) and connected it to users’ Buzz account. This made it likelier that the users’ Buzz contacts would see the albums or Reader items. Google defended this by saying the information was public anyway, but linking users’ public information to their social networking account still has consequences. Information that is not hidden behind a password may still be unknown to a user’s personal acquaintances, and the user may wish to keep it that way.  While technically Google “it was public already” defense may have some legal merit, it did not incur any good will from its users by failing to seek their permission on this issue.

Google’s response

Google has apologized and begun rolling back some of Buzz’s problematic features. Google got rid of the automatic creation of a Buzz contact list from users’ email accounts, made it easier to disable Buzz, and no longer automatically connects public Picasa Web Albums and Google Reader shared items to Buzz accounts. The response was both rapid and dramatic, which is a point in Google’s favor in the eyes of many complainants. However, because of the circumstances that made such a response necessary, Google’s critics are still not entirely satisfied.  

The legal repercussions

Google may have to face a class-action suit in federal court in San Jose, CA, the San Francisco Chronicle reports. Plaintiff Eva Hibnick of Florida is seeking to file the suit on behalf of all Gmail users whose account information was automatically linked to Buzz. The complaint accuses Google of unlawfully sharing personal information without permission, as ABC explains. The plaintiff seeks injunctive relief from similar actions in the future, as well as unspecified monetary damages.

Furthermore, the Electronic Privacy Information Center (EPIC) calls Google’s response inadequate, reports Digital Media Wire. EPIC argues that Google Buzz should be opt-in, rather than opt-out. Google’s most recent changes have made it much easier for users to opt out of Buzz, but they still must opt out. Additionally, EPIC argues that Buzz should not have access to Gmail address books. EPIC has also filed a request with the Federal Trade Commission to investigate Google Buzz.

The Electronic Frontier Foundation has also sharply criticized Google Buzz. The EFF’s arguments go beyond the immediate impact of the Buzz features and suggest that courts should be more skeptical of the Google Books settlement. As the EFF points out, a BBC report suggests that Google did not properly test Buzz before launching it. As Google tries to finalize its Books settlement, as the BBC reports, the problematic Buzz launch suggests Google might use Books information for its own competitive advantage in the same way it used Gmail information. The EFF argues that the Buzz incident highlights the need for Google to make “firm enforceable commitments to protecting user privacy.”

The future

Buzz might be doing better than one might anticipate given the uproar. The New York Times reports that Google claims “tens of millions of people” tried Buzz in the first two days after its launch. Google competitors Microsoft (as MediaBistro reports) and Yahoo, meanwhile, are naturally pooh-poohing Buzz’s prospects. But one thing is clear. Google might get away with asking for forgiveness rather than permission while dealing with Google Books and other copyright law issues, but taking that cavalier approach to personal information is a different matter, even in an age of decreasing privacy. Google may be dealing with both the public relations fallout and the legal consequences of the Buzz launch for a long time.

Flash, owned and distributed by Adobe, is an extremely popular method to add animation and interactivity to web pages, used by over 85% of top websites.  Anyone who has visited YouTube, Hulu, or the vast majority of media rich websites has enjoyed the benefits of Flash.  Not surprisingly, many iPhone users are already demanding Flash.  Adobe reported that in December 2009 there were seven million attempts to download Flash from iPhones and iPod Touches.

With such a high level of demand, why would Apple refuse to adopt Flash on the iPad, a device well equipped to handle the technical requirements of Flash?  Well known entrepreneur Mark Cuban claims “[t]he reason is obvious. No flash, far less streaming over 3G… Less bandwidth consumed means AT&T can offer a great price on the 3G data service.”  A recent article in the Wall Street Journal offered a different explanation: “Flash would let users freely obtain the kinds of features they can only get now at the Apple App Store.”  In other words, Flash would allow users to watch videos and play games in a world outside of Apple’s control and revenue stream.

As word spread that the iPad would lack Flash, bloggers began to question Apple’s claim that the device would be the “best way to experience the internet.”  Some predict that the iPad’s closely controlled software environment could have a chilling effect on innovation.  Unlike traditional operating systems, the iPad and iPhone operating system forces all software downloads through the App Store, giving Apple significant control over how the devices are used.  Reflecting these concerns, Adobe reacted to Apple’s decision by stating that “[w]e strongly believe the Web should remain an open environment with consistent access to content and applications regardless of your viewing device.”

Normally, one would expect Apple to support Flash due to simple market forces, the argument being that without Flash, fewer people would buy the iPad, thus harming Apple’s profits.  Here, however, Apple is likely more profitable by excluding Flash in order to promote the App Store.  The absurdity of this situation begs the question of whether Apple’s decision is lawful and what might be done to intervene.

Net Neutrality Concerns

Traditionally, net neutrality has been discussed in the context of broadband providers attempting to restrict information exchanged by its networks.  An example would be a cable internet company curbing P2P traffic to save on bandwidth expenses.  Proponents of net neutrality rules argue that legislation or regulation is necessary to stop such limitations.  These rules are generally opposed by telecom providers but supported by consumers and web companies offering high bandwidth music, movies, and games.

Without delving into the merits of the debate, it is sufficient to state that the Obama administration supports net neutrality, prompting the FCC to propose new rules which would expand the scope of net neutrality for both wired and wireless providers.  While still in the rulemaking process, these rules could be codified by the FCC within the next few weeks.

Perhaps the most important new rule would require broadband providers to “treat lawful content, applications, and services in a nondiscriminatory manner.”  This broad provision provides exceptions in order to manage network congestion and prohibit unlawful content.  Under the plain meaning of this rule, Apple’s decision to exclude Flash content in favor of its officially sanctioned apps might very well be prohibited.

Apple may contend that the lack of Flash is a legitimate effort to manage AT&T’s network congestion.   This argument seems weak, however, because Flash requires no more bandwidth than many popular apps, such as the YouTube app and many newly approved voice over 3G apps.  It seems likely that the lack of Flash is really just a way to promote the App Store, making it difficult for Apple to fit this decision within the network management exception.  Even if it were trying to limit network congestion, network neutrality would demand a nondiscriminatory approach, such as offering tiered data plans or prohibiting all high bandwidth functions from the 3G network.

While the FCC has clear authority over wireless networks, it’s not entirely clear that it could mandate software requirements for mobile browsers.  Apple might argue that since it is not a broadband provider, these net neutrality rules should not apply to it.

Still, the FCC seems more than willing to get involved in this arena.  Last fall the FCC inquired into the rejection of the Google Voice app, which caused quite a bit of bad press for Apple.  The inquiry included broad questions about Apple’s method of approving apps.  Given the FCC’s general interest in the app approval process, it is not farfetched for the FCC to inquire about how Apple decides to reject standards in its web browser.

Officially, the FCC’s inquiry into the Google Voice rejection was part of ongoing proceedings into wireless open access and handset exclusivity.  However, it didn’t take a formal FCC ruling for Apple and AT&T to change course and allow voice over 3G apps.  A similar FCC inquiry in this instance might call enough attention to the matter that Apple would relent and decide to allow Flash without the need for formal proceedings.

It will be interesting to see if the FCC decides to get involved in this situation.  Given its recent focus on net neutrality and its willingness to question Apple’s activities, some sort of action in this instance would not be surprising.  Involvement would show that the FCC is serious about making the net a truly open place, even on wireless networks.