Site Meter

Category: Privacy

Surveillance Man 02
0

10 Reasons Why Privacy Matters

Why does privacy matter? Often courts and commentators struggle to articulate why privacy is valuable. They see privacy violations as often slight annoyances. But privacy matters a lot more than that. Here are 10 reasons why privacy matters.

1. Limit on Power

Privacy is a limit on government power, as well as the power of private sector companies. The more someone knows about us, the more power they can have over us. Personal data is used to make very important decisions in our lives. Personal data can be used to affect our reputations; and it can be used to influence our decisions and shape our behavior. It can be used as a tool to exercise control over us. And in the wrong hands, personal data can be used to cause us great harm.

2. Respect for Individuals

Privacy is about respecting individuals. If a person has a reasonable desire to keep something private, it is disrespectful to ignore that person’s wishes without a compelling reason to do so. Of course, the desire for privacy can conflict with important values, so privacy may not always win out in the balance. Sometimes people’s desires for privacy are just brushed aside because of a view that the harm in doing so is trivial. Even if this doesn’t cause major injury, it demonstrates a lack of respect for that person. In a sense it is saying: “I care about my interests, but I don’t care about yours.”

3. Reputation Management

Privacy enables people to manage their reputations. How we are judged by others affects our opportunities, friendships, and overall well-being. Although we can’t have complete control over our reputations, we must have some ability to protect our reputations from being unfairly harmed. Protecting reputation depends on protecting against not only falsehoods but also certain truths. Knowing private details about people’s lives doesn’t necessarily lead to more accurate judgment about people. People judge badly, they judge in haste, they judge out of context, they judge without hearing the whole story, and they judge with hypocrisy. Privacy helps people protect themselves from these troublesome judgments.

Read More

6

Online Voter Information and Privacy

Donny-Osmond-007Did you ever want to know Donny Osmond’s birthday, along with his voter registration status? Now you can find out, through a simple website which has posted the entire Utah state voting roll to the internet in easily searchable form. What if you’re looking in Colorado, Connecticut, or a half dozen other states? Their voter rolls are online too, sometimes with additional information like addresses.

Is this troubling? It’s one thing to post Donny Osmond’s birthday to the internet; that information is on Wikipedia anyway. It’s more troubling to post the private information of tens of thousands of everyday people, many of whom may have no idea that this online database exists.

The website pooh-poohs potential privacy concerns and touts the potential value of this information — it could help in genealogical projects, for instance. The site also points out that this information is legally available already as public records which anyone could order. That is troubling itself (it illustrates what kind of information marketing companies and others could be buying right now).

But I’m also not convinced by the “this is available anyway” argument. As scholars like Dan Solove and Danielle Citron have pointed out, sometimes structural barriers and transaction costs create a sort of informal, de-facto privacy protection, which everyday citizens may depend on. When a company acts to strip away those barriers, it threatens everyone’s privacy.

3

We Will All Be Jaime Sommers – 3D printing ears

Thanks to 3D printing and advances in material sciences, questions I had a few years ago about what data is sent, how we are regulated, and of course illusive ownership are hitting home for biomedical, implanted devices. I wrote about some of these issues in a short piece about the implications of a post-human world. I thought about implanted medical devices and the idea that we are becoming appliances with all the contracts and data issues we see online moving to the body.

On the one hand, I love some of the outcomes of this engineering. For example, what if we all could be the Bionic Woman? Michael McAlpine of Princeton may be making it so that anyone could have a bionic ear, and he wants to improve us even more. He is engineering:

a synthetic ear made with a 3-D bioprinter, is a realization of that vision. The complex biomechanical structure was fabricated by depositing live cells and conductive silver in layers. It started as an exploration of material properties, but commercial applications started to appear rapidly. He discovered that cochlear implants, a leading treatment for those with some hearing impairment, are made by hand in a slow and laborious process with costs to match.

His work draws on the way hearing works. The interface sends “the electronic signal right into your medula and brings us one step closer to a world where we can learn kung fu by plugging into a computer.” That idea is fantastic (as in fantasy) but his main point, “It will just be considered normal that you have electronics embedded in your body, … You won’t think its weird that a door will just open up as you walk towards it. We will become cyborgs and it will be seen as just a normal thing” connects to my piece.

So on the other hand, as these changes move forward, we will have to consider what is control over health and other data that may come from within us. Security and hacking will take on new dimensions. I also think that class will play a role. If devices and surgery are expensive but “natural” will only the rich get to have them? Will the poor be stuck sneaking steroids will the privileged pay for dexterity enhancement?

I don’t think dystopia is ahead. I think these questions are the right and fun ones to consider and manage. Again the New Year looks good.

P.S. Jamie Boyle’s Shamans, Software, and Spleens is ever more relevant, as we move into the next technology era.

0

Digital Death – What Happens to Your Digital Stuff

What happens to your to your email and other digital content after you die? That question continues to pop up. Back in 2008, I wondered about the issue in a paper called Property, Persona, and Preservation. I noticed a sort of cloud effect. Once we moved email to the web, we were distanced from our creations. For those interested in the theories behind my argument, read the whole paper. But if you want to skip to the policy and application material, skip to part III starting at page 111.

In fact, while I was at Google, Google and a few other email providers started to come up with ways to let heirs access content and to let creators of content signal whether they wanted that work to be shared with heirs. Those solutions tracked some ideas I offered. I am not sure whether the paper was part of their reading but was happy to see the changes. Nonetheless as Pew shows, how we preserve, protect, and control that work will continue to be a problem. The Pew report notes that states and the Uniform Law Commission are starting to come up with laws to address digital estate issues. I will write a follow up to this post, but for now, I offer that any solution should allow Service Providers the ability to set defaults and users to alter them. In short, if someone wants to have an email account for things he or she would rather not have known, the user should be able to click a setting that says “This email account will self-destruct upon the provision of a death certificate.” Now we might want to let an executor verify these wishes and so on rather than relying on Service Provider’s insight or discretion. Still a clear signal about what one wants can be built into how we preserve or destroy our digital history.

0

NSA Metadata Surveillance and the Fourth Amendment

Phone NSA 01

 

A U.S. District Court recently held that the NSA surveillance of telephone metadata likely violates the Fourth Amendment. The case is Klayman v. Obama.

The NSA surveillance program involves an incredibly broad gathering of metadata about people’s conversations. Metadata doesn’t include the conversations themselves, just data about when and to whom they are made — i.e., not the content of the phone conversations but the phone numbers of the people having the conversations.

The key Fourth Amendment case at issue is Smith v. Maryland, 442 U.S. 745 (1979), which held that a pen register device capturing the phone numbers a person dialed wasn’t protected by the Fourth Amendment partly because the phone company had access to the phone numbers and partly because phone numbers weren’t viewed to be as sensitive as the phone conversations themselves.

The court in Klayman has an interesting view of why Smith v. Maryland is no longer applicable. Essentially, the court argues that the pen register information the government could gather when Smith was decided is much different from the very broad systematic gathering of phone records today.

The Klayman court relies on the U.S. Supreme Court’s fairly recent decision in United States v. Jones, 132 S.Ct. 945 (2012), where five justices in concurrences noted that wide-scale extensive surveillance technologies have different implications than there older more limited counterparts. Jones involved GPS, and the Court there distinguished an earlier case involving a beeper device that tracked a car. In a concurring opinion, Justice Alito wrote that “relatively short-term monitoring of a person’s movements on public streets accords with expectations of privacy that our society has recognized as reasonable. But the use of longer term GPS monitoring in investigations of most offenses impinges on expectations of privacy. For such offenses, society’s expectation has been that law enforcement agents and others would not—and indeed, in the main, simply could not—secretly monitor and catalogue every single movement of an individual’s car for a very long period.”

I find much merit to the Klayman court’s analysis. I have long argued that Smith was wrongly decided, and not too long ago, I wrote here about why there are strong privacy interests in metadata.

Read More

0

Exciting news for the Center on Democracy & Technology: Nuala O’Connor Appointed President and CEO

Brilliant news: CDT’s Board of Directors just announced that Nuala O’Connor has been named President & CEO, effective January 21, 2014. O’Connor will succeed Leslie Harris, who is stepping down after leading CDT for nearly nine years. As the privacy community knows well, Harris provided extraordinary leadership: vision, enthusiasm, and commitment. O’Connor will build on that tradition in spades. She is the perfect leader for CDT.

From CDT’s announcement:

“Nuala drove an ambitious civil liberties agenda as the first Chief Privacy Officer at the Department of Homeland Security in a post 9-11 world. She fought for and implemented policies to protect the human rights of U.S. and global citizens in a climate of overreaching surveillance efforts. The Board is thrilled to have Nuala at the helm as CDT expands on 20 years of Internet policy work advancing civil liberties and human rights across the globe,” said Deirdre Mulligan, CDT Board Chair.

O’Connor is an internationally recognized expert in technology policy, particularly in the areas of privacy and information governance. O’Connor comes to CDT from Amazon.com, where she served both as Vice President of Compliance & Customer Trust and as Associate General Counsel for Privacy & Data Protection. Previously she served as the first Chief Privacy Officer at the U.S. Department of Homeland Security (DHS). At DHS, O’Connor was responsible for groundbreaking policy creation and implementation on the use of personal information in national security and law enforcement.

“I am honored to join the superb team at the Center for Democracy & Technology. CDT is at the forefront of advocating for civil liberties in the digital world,” said O’Connor. “There has never been a more important time in the fight to keep the Internet open, innovative and free. From government surveillance to data-driven algorithms to the Internet of things, challenges abound. I am committed to continuing to grow CDT’s global influence and impact as a voice for the open Internet and for the rights of its users.”

“Nuala is a brilliant choice to lead CDT. She is a passionate advocate for civil liberties, highly expert about the emerging global challenges and fully committed to CDT’s mission. She is a bold leader who will guide CDT into its next chapter. I have had the honor of working with CDT’s talented and thoughtful team for almost nine years. I am confident that they will thrive with Nuala at the helm,” said Leslie Harris.

Beyond her experience at Amazon and DHS, O’Connor has also worked in consumer privacy at General Electric, and as Chief Counsel for Technology at the U.S. Department of Commerce. She also created the privacy compliance department at DoubleClick and practiced law at Sidley Austin, Venable, and Hudson Cook.

O’Connor, who is originally from Belfast, Northern Ireland, holds an A.B. from Princeton University, an M.Ed. from Harvard University, and a J.D. from Georgetown University Law Center. She currently serves on numerous nonprofit boards, and is the recipient of a number of national awards, including the IAPP Vanguard Award, the Executive Women’s Forum’s Woman of Influence award, and was named to the Federal 100, but is most proud of having been named “Geek of the Week” by the Minority Media & Telecom Council in May 2013. She lives in the Washington, D.C. area with her three school-aged children.

2

The NSA’s Santa Surveillance Program

I was able to obtain the latest National Security Agency (NSA) memo leaked by Edward Snowden.  I reprint it in full below.

TOP SECRET AND CLASSIFIED

THE NATIONAL SECURITY AGENCY

SANTA SURVEILLANCE PROGRAM (SSP)

 

Intelligence reports have indicated an alarming amount of chatter between citizens of the United States and a foreign organization with unknown whereabouts somewhere near the North Pole.  The organization is led by an elderly bearded cleric with the alias, “Santa.”

We have probable cause to believe that this “Santa” organization is providing material support to terrorist cells in the United States.  On numerous occasions, “Santa” has reportedly entered the country illegally by flying across the border in a stealth aircraft.  He delivers contraband to various enemy combatants who request weapons and other military vehicles and aircraft.

For example, the intercepted letter below is from an enemy combatant by the name of “Johnny Smith”:

NSA Santa 01

Another letter, written by enemy combatant “Mikey Brown” – an alias for Michael Brown – indicates a desire for a weapon of mass destruction called “the Death Star.”   Mikey is now being questioned at an unidentified secure location.

Santa has an army of followers who call themselves “elves” and who train in Santa’s camp.  We fear that these elves are highly radicalized.

Based upon a recent dramatic increase in chatter between the Santa organization and enemy combatants in the U.S., we will initiate a new surveillance program caked the “Santa Surveillance Program” (SSP).

We will monitor all communications by all people everywhere.  For minimization standards, we will limit our surveillance to human beings only and not include other life forms.

The SSP will be ongoing until “Santa” is terminated by a drone attack.

Cross-posted at LinkedIn

0

With Great Power Comes Great Responsibility

In a sentence, Anupam Chander’s The Electronic Silk Road contains the good, the bad and the ugly of the modern interconnected and globalized world.

How many times do we use terms like “network” and “global”? In Professor Chander’s book you may find not only the meanings, but also the possible legal, economical and ethical implications that these terms may include today.

It’s well known that we are facing a revolution, despite of recent Bill Gates’ words that “The internet is not going to save the world”. I partly agree with Mr. Gates. Probably the internet will not save the world, but for sure it has already changed the world as we know it, making possible the opportunities that are well described in The Electronic Silk Road.

However, I would like to use my spot in this Symposium not to write about the wonders of the Trade 2.0, but to share some concerns that , as a privacy scholar, I have.

The problem is well known and is connected to the risk of the big data companies, that base their business model on consumer-profiling for selling advertisement or additional services to the companies.

“[T]he more the network provider knows about you, the more it can earn” writes Chander, and as noted by V. Mayer-Schönberger and K. Cukier in their recent book Big Data, the risks that could be related with the “dark side” of the big data are not just about the privacy of individuals, but also about the processing of those data, with the “possibility of using big data predictions about people to judge and punish them even before they’ve acted.”.

This is, probably, the good and the bad of big data companies as modern caravans of the electronic silk road: they bring a lot of information, and the information can be used, or better processed, for so many different purposes that we can’t imagine what will happen tomorrow, and not only the risk of a global surveillance is around the corner (on this topic I suggest to read the great post by D. K. Citron and D. Gray Addressing the Harm of Total Surveillance: A Reply to Professor Neil Richards), but also the risk of a dictatorship of data.

This possible circumstance, as Professor Solove write in the book Nothing To Hide “[…] not only frustate the individual by creating a sense of helpness and powerlessness, they also affect social structure by altering the kind of relationships people have with the institutions that make important decisions about their lives.”

Thus, I guess that the privacy and data protection ground could be the real challenge for the electronic silk road.

Professor Chander’s book is full of examples about the misuse of data (see the Paragraph Yahoo! in China), the problem of protection of sensitive data shared across the world (see the Paragraph Boston Brahmins and Bangalore Doctors), the problem about users’ privacy posed by social networks (see Chapter 5 Facebookistan).

But Professor Chander was able also to see the possible benefits of big data analysis (see the Paragraph Predictions and Predilections), for example in healthcare, thus is important to find a way to regulate the unstoppable flowing of data across the world.

In a so complex debate about a right that is subject to different senses and definitions across the world (what is “privacy” or “personal data” is different between USA, Canada, Europe and China for example), I find very interesting the recipe suggested by Anupam Chander.

First of all, we have to embrace some ground principles that are good both for providers and for law and policy makers: 1) do no evil; 2) technology is neutral; 3) the cyberspace need a dematerialized architecture.

Using these principles, it will be easy to follow Professor Chander’s fundamental rule: “harmonization where possible, glocalization where necessary”.

A practical implementation of this rule, as described in Chapter 8, will satisfy the different view of data privacy in a highly liberal regimes and in a highly repressive regime, pushing the glocalization (global services adapt to local rules) against the deregulation in the highly liberal regimes and the “do no evil” principle against the oppression in the highly repressive regime.

This seems reasonable to me, and at the end of my “journey” in Professor Chander’s book, I want to thank him for giving us some fascinating, but above all usable, theories for the forthcoming international cyberlaw.

3

The Life of Pi in the Electronic Silk Road

The Life of Pi presents an epic journey that a boy survives by maximizing spiritual strength in the most adverse circumstances. Called Pi, the boy harnesses curiosity, spirituality, and love to go through his adventurous “international” journeys through religions, cultures, and most notably nature with a stormy ocean.

In his new book The Electronic Silk Road: How the Web Binds the World in Commerce, Anupam Chander also narrates an epic journey that we must embark on in the digital age. Skillfully written with elegant prose, the book explores complex challenges posed by culture, politics, and technology associated with trade in information services.

As a boundless venue hosting trade in services, cyberspace turns out to be the ocean that Pi crossed. According to Anupam, it has enormous barriers blocking the freedom of trading information services in the global context. Culture matters. While some information services are totally fine in western societies, they may be seen as hostile to Islamic beliefs. Politics matters. It has resulted in information suppression in certain authoritarian countries. Technology matters. It facilitates the growth of information services. But it has been used to block trade in information services.

The great firewalls that exist in the electronic silk road best illustrate the difficulty of promoting trade in information services. As mighty as the storm and waves that Pi suffered on the ocean, they are utilized by repressive regimes to monitor, filter, and even shut down the Internet. In 2010 Google withdrew its operations from mainland China. This incident, as I understand from reading Anupam’s book, is a shipwreck as serious as the one that Pi remembers as the darkest day of his life. But it is also a shipwreck similar to the one that Pi regards as a new journey into knowing himself, other beings with him, and the world or nature at large.

On the one hand, Google’s retreat sounded the loudest alarm to the protection of freedom of information in repressive regimes. Nearly 1.3 billion Chinese citizens as well as many other fellow human beings are subject to cyberspace information suppression by authoritarian regimes. As Anupam bluntly reminds us, “[w]hen allied with willing Internet service providers, websites, software providers, and financial intermediaries, a government can gain an omniscience heretofore unknown.” In the digital age, it is the cross-border information services that supply state-of-the-art technologies and abundant financial resources to the authoritarian regimes.

On the other hand, the Google incident calls for immediate and long-term interventions in order to reshape cyberspace as a sphere free of uncivilized surveillance. This journey to information freedom is, indeed, as arduous as the one that Pi experienced across the ocean and continents. Religion, language, imagination, dignity, and even capacity for love all play an important part contributing to Pi’s triumph. The same applies to the journey toward information freedom. After all, people subject to information suppression live with (or without) different religions and speak different languages. Therefore, the capacity for a concerted effort to empower human dignity and love to address information suppression varies significantly across the world. Toward the end of book, Anupam hints that the World Trade Organization, an international institution that governs global trade both in goods and services, might be of little help to resolve this issue. Without any competent international organizations charting the map, the journey to the heaven of information freedom is destined to be a long and tricky adventure.

Reading The Electronic Silk Road together with The Life of Pi prompted me to think about issues that go beyond information suppression existing in repressive regimes. I realized that there are two major issues looming large in the digital age. While we enjoy the unprecedented freedom, convenience, and entertainment that digital technology can bring to us, we must ponder the dark side of digital technology and how the law should tackle it.

First and foremost, we can identify and understand the ways in which the ubiquity of information services can spawn profound problems. The Life of Pi conveys problems of this kind: hostility toward another religion and culture; indifference to other human beings deemed as inferior; and unwillingness to reciprocate others’ good deeds (Richard Parker, the tiger who has a human name, runs into the nearby jungle without a glance back). All these problems remain for Pi, although he has miraculously made it to shore. Online information services have caused similar problems. For example, the websites hosting information services are rife with fraud. Shortly after I posted an advertisement on Craigslist for subleasing my apartment last fall, I received several emails through which the senders attempted to persuade me to deposit money into their bank accounts before they took over the lease. After doing a bit research about online fraud, I could not help asking myself why there are so many people who choose fraud as their jobs.

Thus, digital technology is a double-edged sword. It promotes free flow of information and provides the social glue to bind many people together to wage revolutions against repressive regimes (e.g., the Jasmine Revolution). However, it also wields the power to alienate many people from the social network of direct interactions, leaving them increasingly alone in their spaces of egoism. Today, the majority of people on the subway spend much of their time using their smartphones or tablets. They appear in the tangible public spaces, but they confine themselves to those machines connected with the Internet, enjoying the private fun of checking Facebook or Twitter, playing electronic games, reading news, shopping online, or watching YouTube videos. Digital technology has facilitated widespread use of emails and text messages, further reducing the occasions for face-to-face conversations, greetings, or smiles. Thus, these trends raise the question whether digital technology promotes engagement with others or reinforces the individual quest for solitude. A new book by Sherry Turkle, Alone Together: Why We Expect More from Technology and Less from Each Other, has a comprehensive and nuanced discussion about this tangled issue.

How should the law tackle the double-edged nature of digital technology? Law is critically important in this regard, because it informs people of what they can and cannot do. Anupam teaches us that core to the law regulating trade mediated via cyberspace is the protection of “the right of individuals to share and receive information.” This core right prioritizes the “delivery and consumption” of information “regardless of frontiers” (p.202). His novel proposal that combines globalization together with harmonization of laws serves the full realization of this right.

But can celebration of the individual right to share and receive information offer means by which we can deal with the alienating effect of digital technology? In other words, does the language of rights really increase the consciousness of sharing information as it purports to? To some extent, it does. Anupam proves this with many vivid examples, particularly the Jasmine Revolution in which sharing information about freedom and democracy was the focal point. But as I discussed earlier and others’ works have proven, digital technology has also driven an increasing number of people to withdraw from traditional means of communication and confine themselves to an egoistic world of isolation.

I believe the language of responsibility can play a big part in dealing with this problem. In my recent article entitled Copyright and Responsibility, I point out that law “regulates human affairs through rules that require people to enjoy their freedoms and exercise their rights in responsible ways.” Responsibilities always come together with rights. Without the infusion with responsibilities, rights are meaningless. Persons are not only individuals but also social members of communities, countries, and the whole world. As social members, persons must not single-mindedly pursue only the realization of their individual rights. Rather, they should also constantly ask what responsibilities they should take on and how they can fulfill them in their social membership.

Anupam does mention the importance of responsibility. For example, he urges that Internet service providers follow the “Do No Evil” responsibility, which requires them not to collaborate with repressive regimes that suppress the free flow of information. Indeed, this responsibility is crucial. But should we also ask Internet service providers to take on more responsibilities to encourage people to spend slightly less time using computers, smartphones, or tablets and slightly more time interacting with others in various ways? In this sense, Internet service providers may have a responsibility to cultivate a healthy environment and culture for human interactions. A follow-up question is whether individuals should have the responsibility to spend slightly more time paying attention to others and their communities via computers, smartphones, or tablets.

Both The Life of Pi and The Electronic Silk Road prompt me to think more about the problems in the human world. The Life of Pi teaches me how a person can grow and mature through overcoming tough challenges and even evils. Anupam’s The Electronic Silk Road teaches me how globalized human societies can continue to flourish through overcoming the obstacles caused by national boundaries and the self-centered energy embedded in each human being. Both The Life of Pi and The Electronic Silk Road celebrate the beauty of human spirituality and its power to deter selfishness and even evil.