In the News

Christopher Hoofnagle in the news:

Court says the FTC can slap companies for getting hacked

Christopher Hoofnagle quoted in Wired, August 24, 2015

“The law has always imposed responsibility on companies for the care of their customers. When you’re in the restaurant you have to be protected against slips and falls or food-borne illness,” says Hoofnagle. “Data is just something new that companies have to protect if they want to bear the benefits of collecting it.”

For tech titans, sharing has its limits

Christopher Hoofnagle quoted in The New York Times, March 14, 2015

Christopher Hoofnagle … said that while it was noteworthy that data merchants were seeking greater personal privacy themselves, they also may well be on the right track. A nondisclosure agreement, which keeps intimate information from ever getting online where it can spread, “is the sensible thing to do.”

The cyberattack on Sony Pictures made employees collateral damage

Christopher Hoofnagle quoted in The Washington Post, December 3, 2014

“This attack looks more like a crime meant to harm the victim than to extract some economic benefit, which makes it very different from the card breaches and the like.”

91 percent of Americans say consumers have ‘lost control’ of online privacy

Christopher Hoofnagle quoted in Deseret News National, November 12, 2014

“Companies can confuse the user by promoting ‘trust’ or brand awareness instead of real privacy protections,” Hoofnagle said.

Google has been scanning users’ emails

Christopher Hoofnagle quoted in Pacific Daily News, September 16, 2014

It turns out that Google, which bases its business on collecting and analyzing huge reams of data for advertising purposes, has been scanning users’ emails even before users have a chance to open or read them, including email messages that are deleted without being opened.

Exit, voice, and the privacy paradox

Christopher Hoofnagle writes for Medium, August 4, 2014

Privacy surveys find that individuals care about privacy, but any observer of social networks can find a great deal of profligate, ill-advised information sharing. 

The robot defense: how Google saw privacy before Snowden

Chris Hoofnagle quoted on PBS Frontline, May 20, 2014

“Gmail was a privacy disaster,” Chris Hoofnagle, director of the Berkeley Center for Law & Technology, told Frontline. “The moment you allow people to look at the content of your communication for some advertising purpose is the moment that the government is going to come along and say, ‘If you’re going to let them listen in for advertising, why don’t you let us listen in for anti-terrorism or for serious crimes?’”

Google fights e-mail privacy group suit calling it too big

Chris Hoofnagle quoted in Bloomberg Businessweek, February 27, 2014
Chris Hoofnagle … said in an e-mail that while the Google case is “very important,” courts “almost never award the full amount of potential statutory damages in privacy cases. Defendants in these cases often have mitigating circumstances that reduce damage awards, and they argue that extra-large awards violate their due process.”

Is Sacramento the world’s capital of Internet privacy regulation?

Paul Schwartz, Deirdre Mulligan, Chris Hoofnagle quoted in Forbes TECH blog, January 6, 2014
Paul [Schwartz] explained that the state-federal dialogue has broken down because the current Congress is gridlocked. Meanwhile, California continues enacting “a tidal wave of California privacy laws.” He cautioned against waiting for a “federal Godot,” i.e., expecting Congress to reengage productively on privacy regulation.

Deirdre Mulligan … praised California’s long reputation for privacy leadership. She said regulators outside California look to California as a laboratory of experimentation, and those experiments have ripple effects across the globe.

Chris Hoofnagle … said notice-and-choice is based on rational choice theory, but consumers don’t always act rationally…. He believes consumers see the words “privacy policies” as seals, i.e., certifications of minimum protections. He favors correcting this by establishing minimum substantive legal standards for anyone who uses the term “privacy policy.”

NSA using Internet ‘cookies’ to find targets

Chris Hoofnagle quoted in Washington Post, December 10, 2013

“On a macro level, ‘we need to track everyone everywhere for advertising’ translates into ‘the government being able to track everyone everywhere,’” said Chris Hoofnagle, a lecturer in residence at the University of California at Berkeley School of Law. “It’s hard to avoid.”

FTC explores risks of native deception, need for labeling

Chris Hoofnagle quoted in Online Media Daily, December 4, 2013

“Really smart people may come to different conclusions about what ‘sponsored’ means,” said Chris Hoofnagle, a lecturer in residence at the University of California, Berkeley, School of Law. Hoofnagle added that he thinks “sponsored by” indicates an arrangement—which was typical on PBS—where a company pays to have its name associated with a show that was created independently. Online, however, “sponsored by” often refers to content that an advertiser has created.

Advertisers scared as Internet giants look to cut cookies out of their diets

Christopher Hoofnagle interviewed by Marketplace, November 8, 2013

“What’s happening is the privacy risk is changing from 100s of trackers to just a handful of them,” Hoofnagle said. The word is that tech giants just might start tracking our devices. Hoofnagle says right now, consumers can set their browsers to block cookies. But if your device is being tracked? “People will not be able to block collection,” he said. “So you have to trust that they’ll use it responsibly.”

Cookies that track Internet users are dying out

Christopher Hoofnagle quoted in San Jose Mercury News, October 29, 2013

Chris Hoofnagle … predicted the new methods will give consumers “less privacy, because they will have less control.”

To what end are we connecting the world?

Christopher Hoofnagle writes for The Huffington Post, October 21, 2013

In The Circle, Dave Eggers describes a near future where a single company—The Circle—intermediates all communication. Convinced of its own benevolence, Circle employees expand the company’s offerings into creepier and creepier domains, while propounding punched-up versions of the philosophies of Larry Page, Eric Schmidt and Mark Zuckerberg.

Google reminds everyone that we are the product

Christopher Hoofnagle quoted in San Francisco Chronicle, October 11, 2013

So the move does no favors for the company’s tired mantra of “Don’t Be Evil,” something academics like Chris Hoofnagle, director of Information Privacy Programs at the UC Berkeley Center for law and technology have argued is “an albatross” and should be disregarded because most of Google’s self-described gallantry is prescribed by law anyway.

Online privacy concerns growing

Chris Hoofnagle quoted in the San Francisco Chronicle, October 2, 2013

“Google knows exactly who you are because there is so much authentication built into Google’s services,” Chris Hoofnagle…said in an e-mail. “We are moving to an authenticated Web where one is always signed in, and that authentication, even if on the surface (it’s) pseudonymous, typically indicates the user’s identity.”

Protecting privacy hinges on reining in companies

Christopher Hoofnagle writes for San Francisco Chronicle, July 28, 2013

We have to limit the ability of firms to collect and maintain data. Firms take the same position on privacy as the NSA: They believe that collecting data does not raise any privacy interest; only the use of data can create a privacy problem. This is an appealing but dangerous position. It leaves personal information in the hands of institutions desperate to monetize it, with little ability for individuals to prevent or even detect objectionable uses of data.

Think twice before giving your zip code to a retailer

Christopher Hoofnagle quoted in WUSA9, June 25, 2013

“Stores can take this information to a data-broker and ask them to match up the name with the zip-code in order to get the person’s home address. And they can get other information too. They might be able to get an e-mail address or a phone number as well,” says Chris Hoofnagle with UC Berkeley Law School.

Stern words, and a pea-size punishment, for Google

Christopher Hoofnagle quoted in The New York Times, April 22, 2013

Enforcement is at a turning point, Mr. Hoofnagle said, and fines could blossom, especially if a tech company’s privacy violation caused serious harm. “We’re still working out as a society what the harms are for privacy violations, and we’re not likely to see hundreds of millions of dollars in fines unless blood is spilled,” he said. “But you can see how that could happen.”

Mobile wallet technology raises privacy, security concerns

Christopher Hoofnagle quoted in McClatchy Newspapers, March 18, 2013

Consumer protections for mobile payments aren’t really on policymakers’ agendas, said Chris Jay Hoofnagle…. “The FTC knows about these problems and it has written about them, but we’re very early in this process and these types of data transfers are not noticeable to the consumer, so one question is will the consumer ever object?” he said. “Going to mobile payments – unless rules are put in place – will be zero privacy,” he said.