Thursday, March 20, 2014

Why mugshot bill at Legislature is not good policy or a bad bill

Today there was a hearing before the Minnesota House Public Safety Finance and Policy Committee on House File 1940 which would put barriers in front of public access to mugshots.  I did a post on this bill several weeks ago. 
This is the mugshot bill heard today with an amendment.  This is testimony I ran across.  Some hard points and devastating arguments against the bill and I wanted to share with you.


TESTIMONY OF MATT EHLING
BOARD MEMBER
MINNESOTA COALITION ON GOVERNMENT INFORMATION

HEARING ON HF 1940
March 20, 2014

Thank you for the opportunity to testify on this bill.  This bill raises several important issues - most of which are not immediately apparent, so allow me to address them at some length. 

1)  First, we recognize that this bill is an attempt to address a legitimate problem.  However, how one chooses to defines that problem goes a long ways toward describing the appropriate solution.  If we characterize this problem as one of mug shot sites inaccurately labeling people who have been arrested, as convicted persons, there are already remedies in law for that sort of behavior.  An aggrieved person could bring a defamation lawsuit today to address just this matter, without the need for additional legislation.

2)  If we define the problem as one of having mug shot websites “profiteer” by charging a fee to remove images, then there is a separate solution available.  Other states, including New Jersey, have passed legislation making such conduct illegal.  That is perhaps the most efficient remedy to this situation.

3)  I would note that this second problem is remedied by Section 2, subdivision 3c of this bill - one single sentence of text.  While I commend Representative Norton for trying to address the underlying issue, the bill as written - and even as amended - contains many additional provisions that would cause serious, if unintended, consequences for data policy in this state.

4)  The first problem is that the bill would treat persons requesting mug shot data differently than other public requesters.  It would apply certain requirements to those requesters only - requirements that I’ll speak about in more detail in a moment.

When the Data Practices Act was conceived, it was done so in the context of securing access to government data for all Minnesotans - that is, its provisions applied equally to all users.  By starting down the path of requiring certain users to adhere to special parameters, we violate the egalitarian spirit that infused that original legislation.  Let us not have any assumptions that the exception created by this bill would only remain in this one section of statute -- others will come seeking its use, and will make “swiss cheese” of the rest of the statute by carving out special use exemptions.

The same is true of securing special privileges for particular requesters, as the amended language does.  While we respect the role of the press and seek their benefit, there is a larger proposition at work here.  John Finnegan - the architect of the Data Practices Act, and a newsman himself - was adamant that the Act not secure special rights for the media, but that its provisions should adhere to the public as a whole.  And particularly today, when the boundaries and definitions of the institutional media are in such flux, we should be very wary of defining who constitutes the media, and who does not.

5)  In regard to the parameters that the bill sets out for requesters, the bill would do these things:  It would require requesters to submit their name to the law enforcement entity that holds the data; it would also require them to submit a statement about where the data they obtain will be used, and what they intend to do with it.   This would be a practice at odds with the entire history of the Data Practices Act, which has never before sought to have any scrutiny over how requesters use public data.

That said of course, the Act does envision plenty of legislative control over data, but that control has rested with the classification of data -- whether data should be public or not public.  Once that is determination has been made, the government has traditionally had no more say over the use of data, unless a particular use violates a criminal statute (criminal defamation, for instance).  This bill would change that practice, and would begin a process of tipping the control over government data back toward the government, and away from the citizenry, by requiring citizens to register their intended uses of public data with the state.

6)  The biggest functional problem raised by this bill is not only that it would require users to file statements of use about the data they receive, but it would institute monetary damages for not filing those statements.  In certain contexts, this kind of activity walks very close to the line of what is called “prior restraint” in First Amendment law.  If enacted, the statute would require that someone who receives a booking photograph from another person would then need to fill out a statement of use and file it with a law enforcement agency - an arm of the government.  If they do not do this, then they become exposed to monetary damages.  Although a private party (the person in the photo) would be the entity seeking those damages, that mere fact that one has to file a statement with the government before transferring or publishing a photograph raises significant First Amendment issues, and the statute would likely be invalidated by the courts.

In short, Representative Norton is attempting to address real issues here, but we would strongly suggest that the bill be re-worked to avoid collateral consequences that will cause real and significant damage to data policy in Minnesota if adopted.  There is another way to do this, and I’d be happy to take any questions on the topic.

Sunday, March 9, 2014

Search warrants? We don't need no stinkin' search warrants

Since last summer there has been a lot of debate about the role of the NSA and it's surveillance techniques.  Even in Minnesota - pre-Snowden leaks - we've had our own privacy/surveillance issues: the spreading of license plate cameras and collection of the comings and goings of innocent Minnesotans, and the invasion of privacy by people who have access to the DVS databases. 
Besides that, Minnesota law enforcement agencies are seeking sensitive data from third parties such as Sprint, ATT, and Verizon that show the locations of their customers' cell/smart phones - both in real time, and historically.  They are doing this in a number of ways - including through the use of Kingfish/Stingray technology that I've written about before, as well as through administrative subpoenas.
Based on data requests, media coverage and testimony by law enforcement officials at a recent Minnesota House hearing, cops in Minnesota are making use of quarter century old laws written when there were no smart phones and GPS.
The grounds for requests for location data in Minnesota are based primarily on state laws that were written when there were no things such as the Kingfish/Stingray, or GPS location chips in cell/smart phones.  Under these laws, police only have to show, generally, that "location data" are "relevant" to a criminal investigation in the statutes.  The low standard is different than a Fourth Amendment based search warrant.  In data requests, it appears that law enforcement get location data in two ways primarily:  administrative subpoena or a court order.
Here is an example of subpoenas by the Minnesota Department of Public Safety.  Note the GPS location language.  This data is gotten by the Minnesota Department of Public Safety not by court order, search warrant, but by subpoena. 
In regards to the use of the Stingray/Kingfish, it seems that a low threshold court order is used - not a search warrant.
Over the last two years I have gotten information about this trend by using the data practices law.  This has been quite an experience in itself.  It took seven months to get access to court orders from the Hennepin County Sheriff.  It took several months to get four administrative subpoenas from the Minneapolis Police Department.  Some law enforcement agencies answered, others did not.
What the data requests showed is that Minnesota law enforcement is using advancements in technology to gain access to massive amounts of location data that intrudes on one's privacy and autonomy.  I have no problem with law enforcement using these tools if there is a real need.  But there has to be public discussion,  we have to know what law enforcement is doing, and there has to be robust, strong, privacy protections (search warrant) and accountability, public scrutiny, and transparency.
This issue is important. The data that the device in your pocket produces can reveal your associations and politics, or - as Justice Sotomayor stated - people do not "expect that their movements will be recorded and aggregated in a manner that enables the Government to ascertain, more or less at will, their political and religious beliefs, sexual habits, and so on."
I support a legislative fix to this issue by requiring a search warrant for location information.  Bills HF2288/SF2466 would add that fix.  I encourage you to support these bills, too.