Normally that is the case here in Sweden too, which is one reason why this law has been hotly debated before it was passed in the Riksdagen (the Parliament). In fact, you can normally do whatever you like with the pictures you own, with no permissions required from people in the photo, the theory being that it is the photographer who owns the rights to the image, not the people in the picture. (Although you can be subject to libel suits if the photo subjects are portrayed negatively, and you are generally not allowed to use photographs without model releases in advertising.)
Well, the photo may not have been innocuous but still be justified. Let's say for example (I just made this one up) that a public figure denies knowing a particular organized crime boss. Then some investigative reporter photographs them both in bed together using a telephoto lens from across the street. That act would normally be a violation of the new law (and here intent matters - if your intention was to capture the building because you're interested in architecture it's not a violation but if your sole purpose was to catch them in the act you are), but since it can be deemed of public interest the photographer is not in violation of the law (but the publisher faces the risk of a libel law suit if he publishes, but that's another matter of course).
It is still troublesome that it is the very ACT of photographing that is criminalised, not what they are later used for, which means that the photographer must be more aware when shooting - perhaps with little time to consider - rather than being able to contemplate the picture afterwards.
So what would happen if the harassment law was amended such that you could sue for harassment even if you didn't know you were being harassed? How could that possibly work? (And note here that there are different laws for harassment and libel.) Anybody who disliked someone could claim to have been harassed for just about anything thought up after the fact.
Also, did you even read my coment properly? The risk of "criminalising ordinary behaviour" is just about nonexistent.
This law has three requisites, that need to be fulfilled for it to take effect:
1) The photography must be HIDDEN. That is, the moment you bring out your camera in full view, none of it applies.
2) The hidden photograpy must take place without permission from the subject(s)
3) The act must take place in an environment where the subject(s) have a reasonable right to expect privacy. That is, indoors in ones own home, inside a dressing room, in a restroom or similar environments.
This law is meant to complement laws against harassment, where the law is interpreted such that you cannot claim to be harassed in cases where you didn't realize AT THE TIME that you were being photographed.
That particular loophole, if you will, led to extensive debate here in Sweden a while back, after a couple of public cases were tried and the accused was acquitted of harassment after having secretly videotaped his tenant in her bathroom using a hidden camera. He was on the other hand convicted of violating the privacy of her home by entering without permission in order to install the hidden camera.
Under this new law he would be convicted of unlawful harassing photography since the law's three requisites would have been fulfilled.
There are also two excemptions to the law:
1) regarding law enforcement use of hidden photography; that is you can still be subject to being spied on if you're a reasonable suspect of a crime.
2) reasonable use. If it can be shown after the fact that the photography was justifiable, for example to gather evidence or for a photo journalist to document something of public interest, the law doesn't apply.
So, in summary, although fears have been raised by free speech activists and others (me included), the law actually does seem to be well written and sufficiently narrow in scope to not hinder everyday use of photography.
And it sounds to me like he's trying very hard to follow protocol here but can't even get off the starting blocks. I don't see any revelation of vulnerability details on the twitter feed in question, do you? In fact, isn't the joke really that there are people who doesn't even bother to read what they're commenting on?
If I'm not mistaken, an 800 number is a toll free number in the United States. Well, have you ever tried calling one from abroad? That's one of the problems here. This guy is (like me) situated in Sweden, which as some of you may know is OUTSIDE the US borders.
To put it simply: He CAN'T call that number no matter what. It just doesn't work.
Which brings me to the next reason he's probably reluctant to phone, namely that Sweden is six (or seven, depeding on whether summer time is in effect) hours east of New York, meaning that for him to actually find someone to answer the phone in the other end he's going to have to call late in the afternoon or evening, local time.
As to the other options, snail mail or fax... well, I shouldn't have to comment on that, should I?
That said, he could probably have been a bit more creative in trying to find someone not shielded by first line support to talk to, had he tried for example googling for someone on linked in associated with Amex security as someone suggested here.
But the whole point is, why the h*ll should he have to??
He found/heard of/(re)searched/stumbled upon/whatever a serious security problem and as a good netizen he wanted to inform the party involved, and was unable to find someone to talk to, in part because he wasn't a customer.
That's not good security policy no matter how you look at it.
Techdirt has not posted any stories submitted by Benny L.