|
META TOPICPARENT | name="FirstPaper" |
| | Introduction
The Obama administration recently released its Consumer Data Privacy Framework advocating for new legislation to comprehensively define consumer data protection rights. Unlike many European countries, the United States does not have a law regarding privacy for all aspects of personal data collection on the Internet. Outside of several sectors, such as health care and credit reporting, the Federal government does not have laws protecting consumers from commercial exploitation of personal data. While the Electronic Communications Privacy Act does set up some marginal protection from government intrusion into electronic communications, it does not protect people from third parties. Since third parties are so proficient at collecting personal data, the government does not want to excessively curtail this activity. The Framework, while high in rhetoric, is empty in substance precisely because the government does not truly care about individual privacy. | |
> > | The government benefits from continuing to perpetuate the idea that technology works for its users while allowing man-in-the-middle attacks to circumvent that model. It can monitor the public while also restraining the power of the data miners in exploiting their trade. By pitting the users against the companies, the government can manipulate both sides to perpetuate itself. | | What the government says it cares about
In the Framework, the administration claims that the current world lacks “a clear statement of basic privacy principles that apply to the commercial world.” It is true that there is no definitive statement of privacy principles on the books. The Federal Trade Commission has broad powers under § 5 of the FTC Act to prosecute “unfair or deceptive acts” and it has used this power to go after perceived privacy problems with some Internet companies. However, because technology evolves so quickly, it is necessary that the law be based on standards rather than rules. As ECPA demonstrates, clearly defining privacy rules based on contemporary technological practices becomes archaic and pointless. Instead, the Framework embraces setting standards about personal data collection and use based on Fair Information Practice Principles: individual control, transparency, respect for context, security, access and accuracy, focused collection, and accountability. This is certainly the better path to take to ensure that technology does not outpace legal protection.
The administration claims that consumers need some protection in order to maintain consumer trust in networked technologies and that the Framework will provide such protection. While it may be true that consumers need to trust Internet companies for them to use online services, it is questionable as to what it would take for consumers to lose that trust as almost every new Facebook “feature” was eventually adopted by users. Yet, despite Mark Zuckerberg’s efforts to shift the privacy paradigm into sharing is good, privacy as a concept still sounds desirable to most Americans. This allows the Obama administration to claim that it is looking out for the public interest in promoting privacy.
What the government actually cares about | |
< < | Despite its public relations side espousing principles of personal data autonomy, the government has an interest in encouraging the public to disregard privacy. There is no need for the government to do its own spying when people voluntarily give up every detail of their lives and their friends’ lives to online companies. The government can rely on these companies to collect the information and freely reach into their databases whenever it needs something that it may otherwise be prohibited from acquiring itself. Hence there is a dichotomy between protecting the public from voracious companies out to ravage personal data while making sure that the government has access when it wants. In other words, it is bad when private companies do gather and sell personal data, but not when it is for the government.
Under the principle of Focused Collection, “[c]ompanies should securely dispose of or de-identify personal data once they no longer need it, unless they are under a legal obligation to do otherwise.” This “legal obligation” can be broadly read, but it illustrates what the government wants. In the section explaining what potential consumer data privacy protection legislation should avoid, it lists the following, among others: | > > | Despite its public relations side espousing principles of personal data autonomy, the government has an interest in encouraging the public to disregard privacy. There is no need for the government to do its own spying when people voluntarily give up every detail of their lives and their friends’ lives to online companies. The government can rely on these companies to collect the information and freely reach into their databases whenever it needs something that it may otherwise be prohibited from acquiring itself. Hence there is a dichotomy between protecting the public from voracious companies out to ravage personal data while making sure that the government has access when it wants. In other words, it is bad when private companies do gather and sell personal data, but not when it is for the government. For example, under the principle of "Focused Collection," “[c]ompanies should securely dispose of or de-identify personal data once they no longer need it, unless they are under a legal obligation to do otherwise.” This “legal obligation” can be broadly read, but it illustrates what the government wants. | | | |
< < |
- Altering existing statutory or regulatory authorities pursuant to which the government may obtain information that is necessary to assist in conducting border searches, investigating criminal conduct or other violations of law, or protecting public safety and national security.
- Contravening the ability of law enforcement to investigate and prosecute criminal acts, and ensure public safety.
- Altering existing statutory, regulatory, or policy authorities that apply to the government’s information practices or address privacy issues outside of a purely commercial, consumer oriented context.
The government can’t be too persuasive in its rhetoric. It still needs its backdoor. | > > | The government can’t be too persuasive in its rhetoric. It still needs its backdoor. By portraying the data miners as the villains, it also repositions itself in the eyes of the public. Uncritical Americans may believe that the government actually has their individual interests at heart, rather than the true goal of the government—maintaining social order. This keeps the users from banding together with the data companies against the government. In theory, there could be a market for privacy, but attacks on data miners by the government keep the coalition from forming. Additionally these companies already are at the mercy of the government; there is little they can do to resist the force of a government demand when the laws are extremely favorable for intelligence agencies. All they can do is seek immunity from private suits, a condition the government is more than willing to provide. This further alienates the public and the companies, while deflecting criticism away from the government’s practices. | | Why the government can say one thing but mean another
Because the government has an interest in people continuing to voluntarily give away all their information to companies, it can draw a distinction between wrongful collection of personal data and wrongful use. Under collection, the administration can say all it wants about data autonomy and informed consumers, but it knows that consumers do not care enough about their data autonomy for informed consent to mean anything. People do not realize why it is problematic for them to expose their lives and the lives of others to third parties and the government. It does not matter how much is explained to them when convenience trumps privacy. | |
> > | Although this may describe some consumer behavior towards commercial privacy now, this does not mean that user privacy preferences do not evolve. As demonstrated by the outrage over Facebook’s purchase of Instagram, there is a vocal minority that actively reject Facebook’s intrusion into other Net activity. These protests indicate that there is some user resistance to centralizing Net activity. These Instagram users were already sharing their personal pictures, but they drew the line at allowing that data to be assimilated into the Facebook complex. This disaggregation instinct can be directed against the government’s efforts to consolidate all personal data. But as long as the government can hold the threat of terrorism over its citizens, it would be politically arduous, and even potentially treacherous, to roll back the intelligence machine. | |
A very good draft. A few points I would add to your thinking: |
|