AaronChanFirstPaper 2 - 28 Apr 2012 - Main.EbenMoglen
|
|
META TOPICPARENT | name="FirstPaper" |
| |
< < | | |
A Privacy Framework that Changes Little | |
Introduction | |
< < | The Obama administration recently released its Consumer Data Privacy Framework advocating for new legislation to comprehensively define consumer data protection rights. Unlike many European countries, the United States does not a law regarding privacy for all aspects of personal data collection on the Internet. Outside of several sectors, such as health care and credit reporting, the Federal government does not have laws protecting consumers from commercial exploitation of personal data. While the Electronic Communications Privacy Act does set up some marginal protection from government intrusion into electronic communications, it does not protect people from third parties. Since third parties are so proficient at collecting personal data, the government certainly has an incentive to not excessively curtail this activity. The Framework, while high in rhetoric, is empty in substance precisely because the government does not truly care about individual privacy. | > > | The Obama administration recently released its Consumer Data Privacy Framework advocating for new legislation to comprehensively define consumer data protection rights. Unlike many European countries, the United States does not a law
regarding privacy for all aspects of personal data collection on the Internet. Outside of several sectors, such as health care and credit reporting, the Federal government does not have laws protecting consumers from commercial exploitation of personal data. While the Electronic Communications Privacy Act does set up some marginal protection from government intrusion into electronic communications, it does not protect people from third parties. Since third parties are so proficient at collecting personal data, the government certainly has an incentive to not excessively curtail
this activity. The Framework, while high in rhetoric, is empty in substance precisely because the government does not truly care about individual privacy. | | What the government says it cares about
In the Framework, the administration claims that the current world lacks “a clear statement of basic privacy principles that apply to the commercial world” (emphasis added). It is true that there is no definitive statement of privacy principles on the books. The Federal Trade Commission has broad powers under § 5 of the FTC Act to prosecute “unfair or deceptive acts” and it has used this power to go after perceived privacy problems with some Internet companies. However, because technology evolves so quickly, it is necessary that the law be based on standards rather than rules. As ECPA demonstrates, clearly defining privacy rules based on contemporary technological practices becomes archaic and pointless. Instead, the Framework embraces setting standards about personal data collection and use based on Fair Information Practice Principles: individual control, transparency, respect for context, security, access and accuracy, focused collection, and accountability. This is certainly the better path to take to ensure that technology does not outpace legal protection. | | Because the government has an interest in people continuing to voluntarily give away all their information to companies, it can draw a distinction between wrongful collection of personal data and wrongful use. Under collection, the administration can say all it wants about data autonomy and informed consumers, but it knows that consumers do not care enough about their data autonomy for informed consent to mean anything. People do not realize why it is problematic for them to expose their lives and the lives of others to third parties and the government. It does not matter how much is explained to them when convenience trumps privacy. | |
< < |
You are entitled to restrict access to your paper if you want to. But we all derive immense benefit from reading one another's work, and I hope you won't feel the need unless the subject matter is personal and its disclosure would be harmful or undesirable.
To restrict access to your paper simply delete the "#" character on the next two lines: | > > |
A very good draft. A few points I would add to your thinking: | | | |
< < | | > > | First, it will help to consider "the government" a complex entity
with many moving parts. The language you quote and on which your
political analysis depends should be read as the boundary established
in the policy coordination process by the intelligence and internal
security entities. As you will have seen over course of the term,
DoJ, Homeland Security and the DNI form a coalition that can
efffectively resist anything on the "commercial" side. The
commercial parties (network operators, Goog, FB, other data miners)
have realized that the intelligence and security services are strong
enough to demand impunity, and so the commercial parties are
insisting on complete immunity from rule of law for all their "good
faith" cooperation with the intelligence and security services. FTC,
as an "independent" agency, is bucking the WH-DoJ position and going
after Google where it can. The privacy guidelines represent the
overall WH coordination of the FTC and Commerce Department positions
on commercial privacy, minus any animus with Google, which has
cemented its relationship with the WH in defeating SOPA/PIPA, and
with all the carve-outs demanded by the intelligence and security
services, represented for these purposes primarily by the DNI.
Second, we are not very far along in the analysis when we have
discovered that formal government policy is speaking out of both
sides of its mouth. Thurman Arnold would no doubt say that in
politics, any creed embodying only a proposition and its opposite is
not yet fully fleshed out. The real strength of your thinking lies
in the insight that commercial collection and commercial use
implicate different elements of the overall play of governmental
interest. You haven't fully considered why the problem is "getting
code in" to commercial mining operations, rather than "getting data
out," or why the US government has a specific advantage in dealing
with the miners on this subject.
Third, your point about collection and convenience as the individual
user sees the situation is observationally verified, but it is only
guaranteed to be true in the short term. Over the next several
decades, people will grow up whose relationship to the Net will be
quite different. Depending on the educational effects of our
efforts, they will either be completely uninterested in privacy,
in which case the Net will become the Matrix, or they will come to identify
freedom with changing the behavior of the Net so that it controls
them less and assists them more. That's where the work we are doing
touches the fundamental nature of human destiny. | | | |
< < | Note: TWiki has strict formatting rules for preference declarations. Make sure you preserve the three spaces, asterisk, and extra space at the beginning of these lines. If you wish to give access to any other users simply add them to the comma separated ALLOWTOPICVIEW list. | | \ No newline at end of file | |
> > | |
|
AaronChanFirstPaper 1 - 28 Feb 2012 - Main.AaronChan
|
|
> > |
META TOPICPARENT | name="FirstPaper" |
A Privacy Framework that Changes Little
-- By AaronChan - 28 Feb 2012
Introduction
The Obama administration recently released its Consumer Data Privacy Framework advocating for new legislation to comprehensively define consumer data protection rights. Unlike many European countries, the United States does not a law regarding privacy for all aspects of personal data collection on the Internet. Outside of several sectors, such as health care and credit reporting, the Federal government does not have laws protecting consumers from commercial exploitation of personal data. While the Electronic Communications Privacy Act does set up some marginal protection from government intrusion into electronic communications, it does not protect people from third parties. Since third parties are so proficient at collecting personal data, the government certainly has an incentive to not excessively curtail this activity. The Framework, while high in rhetoric, is empty in substance precisely because the government does not truly care about individual privacy.
What the government says it cares about
In the Framework, the administration claims that the current world lacks “a clear statement of basic privacy principles that apply to the commercial world” (emphasis added). It is true that there is no definitive statement of privacy principles on the books. The Federal Trade Commission has broad powers under § 5 of the FTC Act to prosecute “unfair or deceptive acts” and it has used this power to go after perceived privacy problems with some Internet companies. However, because technology evolves so quickly, it is necessary that the law be based on standards rather than rules. As ECPA demonstrates, clearly defining privacy rules based on contemporary technological practices becomes archaic and pointless. Instead, the Framework embraces setting standards about personal data collection and use based on Fair Information Practice Principles: individual control, transparency, respect for context, security, access and accuracy, focused collection, and accountability. This is certainly the better path to take to ensure that technology does not outpace legal protection.
The administration claims that consumers need some protection in order to maintain consumer trust in networked technologies and that the Framework will provide such protection. While it may be true that consumers need to trust Internet companies for them to use online services, it is questionable as to what it would take for consumers to lose that trust as almost every new Facebook “feature” was eventually adopted by users. Yet, despite Mark Zuckerberg’s efforts to shift the privacy paradigm into sharing is good, privacy as a concept still sounds desirable to most Americans. This allows the Obama administration to claim that it is looking out for the public interest in promoting privacy.
What the government actually cares about
Despite its public relations side espousing principles of personal data autonomy, the government has an interest in encouraging the public to disregard privacy. There is no need for the government to do its own spying when people voluntarily give up every detail of their lives and their friends’ lives to online companies. The government can rely on these companies to collect the information and freely reach into their databases whenever it needs something that it may otherwise be prohibited from acquiring itself. Hence there is a dichotomy between protecting the public from voracious companies out to ravage personal data while making sure that the government has access when it wants. In other words, it is bad when private companies do gather and sell personal data, but not when it is for the government.
Under the principle of Focused Collection, “[c]ompanies should securely dispose of or de-identify personal data once they no longer need it, unless they are under a legal obligation to do otherwise” (emphasis added). This “legal obligation” can be broadly read, but it illustrates what the government wants. In the section explaining what potential consumer data privacy protection legislation should avoid, it lists the following, among others:
- Altering existing statutory or regulatory authorities pursuant to which the government may obtain information that is necessary to assist in conducting border searches, investigating criminal conduct or other violations of law, or protecting public safety and national security.
- Contravening the ability of law enforcement to investigate and prosecute criminal acts, and ensure public safety.
- Altering existing statutory, regulatory, or policy authorities that apply to the government’s information practices or address privacy issues outside of a purely commercial, consumer oriented context.
The government can’t be too persuasive in its rhetoric. It still needs its backdoor.
Why the government can say one thing but mean another
Because the government has an interest in people continuing to voluntarily give away all their information to companies, it can draw a distinction between wrongful collection of personal data and wrongful use. Under collection, the administration can say all it wants about data autonomy and informed consumers, but it knows that consumers do not care enough about their data autonomy for informed consent to mean anything. People do not realize why it is problematic for them to expose their lives and the lives of others to third parties and the government. It does not matter how much is explained to them when convenience trumps privacy.
You are entitled to restrict access to your paper if you want to. But we all derive immense benefit from reading one another's work, and I hope you won't feel the need unless the subject matter is personal and its disclosure would be harmful or undesirable.
To restrict access to your paper simply delete the "#" character on the next two lines:
Note: TWiki has strict formatting rules for preference declarations. Make sure you preserve the three spaces, asterisk, and extra space at the beginning of these lines. If you wish to give access to any other users simply add them to the comma separated ALLOWTOPICVIEW list. |
|
|
|
This site is powered by the TWiki collaboration platform. All material on this collaboration platform is the property of the contributing authors. All material marked as authored by Eben Moglen is available under the license terms CC-BY-SA version 4.
|
|