I won the lottery. Does anyone have to know?

Posted: March 20, 2018

Three intriguing new cases related to privacy, legal and personal, just cropped up:

  • A court deals another blow to Facebook’s face-recognition program.
  • A landowner fights to keep spy cameras and border patrollers off his ranch.
  • And a lottery winner tries to stay anonymous.

Lottery winner won’t identify herself

Can you blame the lottery winner? She held the winning ticket for a $560 million jackpot, signed her name on the back of it, and has been fighting the state of New Hampshire over its plan to identify her.

The New Hampshire Lottery Commission says it warns players through its website that winners will be identified in accordance with the right-to-know law. The winner, however, said her right to privacy outweighs the public’s right to know and that in the recent past. Also, another winner recently used a trust to shield their identity. (Unfortunately, this new winner signed her name to the ticket prior to talking to a lawyer and establishing a trust.)

The winner’s state court filing included a litany of examples where abuse, including murder, has befallen public winners. The state said that if lottery winners aren’t identified, players will lose confidence in the enterprise.

Well before the verdict, the winner took her payout of $264 million after taxes and began making philanthropic gifts. “She intends to contribute a portion of her winnings to a charitable foundation so that they may do good in the world,” her lawyer said in a court filing. “She wishes to be a silent witness to these good works far from the glare and misfortune that has often fallen upon other lottery  ‘winners.’ ”

On Monday, she got her wish, though the ruling declared her hometown to be public information.

Get off of my land

In the spy camera case, a 74-year old rancher last fall discovered a video camera eight feet up a mesquite tree on his property, and promptly took it down. His property is reportedly 35 miles north of the Mexican border.

According to a detailed account in Ars Technica, federal Customs and Border Protections officials and the Texas rangers demanded the camera’s return. The incident capped years of run-ins between the rancher and CBP agents, protests of their alleged trespassing, and a traffic stop of his sons. He refused to return the camera and sued both agencies, leveling accusations of trespass and civil rights violations.

“Plaintiffs maintain that there is something creepy and un-American about such clandestine, surreptitious, 1984-style behavior on the part of Defendants—officers of the law,” the rancher/attorney, Ricard Palacios, argues in a civil complaint.

According to Ars Technica, federal law lets agents go onto property within 25 miles of the border for patrol work related to illegal entry. Palacios’ land is outside that range. Officials have declined comment, and Texas officials have claimed qualified immunity.

Class-action against Facebook gets green light

In the Facebook case, a federal judge declined to throw out a lawsuit that alleging that Facebook’s recognition technology violates’ users privacy by gathering and storing biometric data without users consent. The technology matches users to photos on the network even when they haven’t been tagged.

The case involves the Biometric Information Privacy Act (BIPA), a unique Illinois law requiring express written consent for capturing or storing biometric identifiers. As we discussed in a previous blog post, penalties include $1,000 for negligent violations and $5,000 for reckless or intentional ones.

US District Judge James Donato’s decision means a class-action case will proceed. “When an online service simply disregards the Illinois procedures, as Facebook is alleged to have done, the right of the individual to maintain her biometric privacy vanishes into thin air,” Donato wrote in a Feb. 26 ruling, according to Bloomberg. “The precise harm the Illinois legislature sought to prevent is then realized.”

In each case, we have individuals, separately or as a class fighting for rights against institutions. And in two of the cases, technology is central to the issue. As technology evolves and gains increasing dominion over information, a lot of that information will contain delicate personal, financial and health data.

And institutions, as we’re seeing vividly with the new European Union GDPR rules, will be expected to care for it – or maybe keep their hands off in the first place.