Privacy Bulletin: Issue No. 61

U.S. Supreme Court Deciding Extent of GPS Tracking

In the United States v. Jones, the Supreme Court will determine under which circumstances law enforcement agencies are permitted to use technology to collect and use a person’s GPS location information. The Circuit Court rejected the lower court’s conviction of Jones that resulted from law enforcement’s use of Jones’s GPS data on the basis that, with such GPS surveillance, the story told by the sum of information collected is greater than what is revealed by any one bit of information, and that the sum of a person’s location information is private information that is not exposed to the public.

In the November 8 oral argument before the Supreme Court, the Solicitor General of the United States, citing Supreme Court precedent, asserted that law enforcement agencies are permitted to track individuals on public roads, on grounds that people do not have a reasonable expectation of privacy when driving their cars on public roadways. During the argument, Jones’s attorney and the Court addressed whether there is a difference between a traditional police surveillance, such as a police car following a suspect, and police surveillance by GPS tracking, and Jones’s attorney asserted that GPS tracking is an unreasonable invasion of privacy because the human element of the surveillance has been removed. In essence, Jones’s attorney argued that the police could devote unlimited manned resources to surveillance, but that the invasion of privacy stems from the employment of GPS technology to perform unlimited surveillance, because society would not expect the human element (i.e. the physical police presence) would be removed from surveillance.

Ultimately, the decision will have significant bearing on the balancing of two conflicting matters: the extent of the public’s right to privacy versus law agencies desire (and, perhaps need) to effectively track potential criminals and conserve agency resources, an issue that has become increasingly relevant with today’s budget constraints. The future of Business monitoring and surveillance of employees will likely be affected by the outcome of this case, as the court establishes a standard for what society believes to be reasonable in electronic surveillance.

Did Microsoft Force a Stealth Monitoring System on Cellphone Users?

In Cousineau v. Microsoft Corp., W.D. Washington No. 2:11CV0438, a case where the use of cell phones has been used to determine a person’s location, the plaintiff is seeking class action status in a complaint against Microsoft. The case involves whether the Microsoft Windows Phone 7 application surreptitiously forced users into its non-stop geo-tracing program. The plaintiff alleges that even when a user turned off the tracking feature, the information still was sent to Microsoft. In response, Microsoft said there was a software error in the code. Microsoft has filed a motion to dismiss the case.

AccuWeather Accused of Using Weather Report to Pinpoint Customer Location

Goodman v. HTC America [referred to as the AccuWeather Case], filed in the United States District Court, Western District of Washington at Seattle, is one of the first cases to claim that intrusive and unprotected software is a consumer defect under the consumer protection laws filed in. The Plaintiffs alleged that a mobile phone manufacturer and application developer installed the AccuWeather application on their phones ostensibly to provide convenient weather reports, but subsequently used the application to transmit plaintiffs’ locations for other purposes (including “fine” geographic location data, which identifies the latitude and longitude of a particular device's location within several feet at a given data and time). Plaintiffs also claimed that defendants failed to meet accepted baseline information security standards (by transmitting the information in an unencrypted manner), and acknowledged a product defect but failed to alert purchasers, rectify the defect, investigate data usage and/or onward transfer of detailed geographic location data, or remediate the third-party retention of the data.

Medical Company Sued in Class Action After Huge Data Breach

The complaints of Class-action lawsuits filed (in Sacramento County Superior Court and Alameda County Superior Court) against Sutter Medical Foundation and Sutter Physicians Services allege that compromised patients’ data was not properly secured because it was unencrypted and stored in an unsecure location, and that Sutter failed to notify patients that their information had been compromised within the timeframe set forth under California law.

A Sutter company computer, containing the names, addresses, birth dates, phone numbers, and health insurance information of over 3.3 million patients, as well as detailed descriptions of medical procedures and/or diagnoses of more than 900,000 patients, was stolen in mid-October. Information on the computer was protected by password, however, it was not encrypted.

For more information, please contact one of the following attorneys or any member of the Privacy and Data Protection Team.

Ted Claypoole: (704) 331-4910

Jonathan Gross: (704) 350-6370