Computers, Privacy & the Constitution

Hello, World

Thousands of years ago, primitive man left colorful handprints on some cave walls in Lascaux, France. Hey, they seemed to say. I was here. The instinct to reach out and communicate with strangers unconnected by place and time reflects a human truth about the need for companionship in sentience. The first computer program any budding computer scientist learns to write greets mankind: hello, world. Advances in science and communications have caused the amount of such communication, and the richness of information that it conveys about the sender, to increase dramatically.

Usually the ownership rights to consumer-generated information are provided for via contract in the form of EULAs or other boilerplate licensing arrangements, and generally give all rights to the proprietor of the website. Thus, the list of music that you’ve been listening to as monitored by Last.fm belongs to them. Myspace is not your space; it belongs to someone else, as does a variety of information about your online purchasing of everything from groceries to pornography. The Internet is replete with transaction data and metadata. It also contains autobiographical information, such as social networking sites and personal web presences. It frequently contains governmentally gathered data including criminal records, judgments, and bankruptcies. To the extent that people voluntarily disclose and/or agree to the collection of such a breathtaking amount of personal information in the name of convenience, narcissistic diversion, or a search for meaning, is there any role for the law to ensure that they retain some degree of control over its use?

Important Ones and Zeroes

Two types of personal information are given special treatment by statute: medical information and credit information. HIPAA is the most significant law regulating medical information. It requires some amount of anonymity in the form of an NPI (National Provider Identifier, a unique number that can’t be reused or transferred between providers), which minimizes use of a patient’s SSN or name, and regulates the use, acquisition, and disclosure of healthcare information. It has provisions to allow patients to review their own file and to demand the correction of inaccuracies. There is no private right of action under HIPAA, only an administrative review board within the Department of Health and Human Services tasked with investigating allegations of wrongdoing and taking corrective action. Evidence suggests that oversight in the Bush administration was less than vigorous.

The Fair Credit Reporting Act governs credit reporting agencies that gather data on consumer creditworthiness. It requires mandatory deletion of negative information after seven years, except in the case of tax liens or bankruptcy, which have longer expiry periods. It also gives customers free annual access to their file, and establishes a dispute resolution procedure.

  • What about video rental records?

The most striking difference between health and financial information and other sorts of personal information is their relative importance, not necessarily in terms of their centrality to one’s sense of self, but instead due to the consequences of decisions surrounding such information. Neither statutory scheme allows consumers to modify or hide information that is true, provided that the sunset provision has not passed. It is as if we pretend that this information was shouted in a public square in London circa 1700. If the words are untrue but not spoken with malice, the citizen is at most entitled to a correction.

Should there be greater protection of personal information?

Companies with a presence on the Internet that collect such information can make a reasonably strong contractarian argument for government non-interference. They provide a service that people value, and if people choose to spend their days cataloguing their consumer preferences on a website that they have freely chosen to use, perhaps the government should have nothing to say about it.

Maybe it is the seeming innocuousness of the data that is the problem. If all of the people who have made death threats against the President in the last 50 years loved The Catcher in the Rye, then the amount of information conveyed by our transactions, preferences, and intents is possibly much greater than we realize. The aggregation and mining of such data could reveal information at least as personal as our medical and financial records, and, with the growing use of websites like Facebook by prospective employers or college admissions counselors, could have consequences at least as significant.

Legislative Solutions

One way to deal with the influx of information would be to give consumers strong statutory rights to information that they have created. For example, the law could require that all websites, being public facilities, make the entry of identifying personal information purely optional. One could go further and require that all information surrounding a user be destroyed at their request, or bar the transfer of such information. It might also be possible to grant users an unwaivable copyright interest in their works. It’s impossible to copyright databases and facts, but of course this doesn’t stop most websites from demanding all copyright interests in user-created or supplied work for themselves in their terms of use.

  • Isn't the question about legislation less "what possible rules can you think up?" and more "what rules could we possibly think up a way to compromise on?" I'm accustomed to thinking of legislative solutions as things that could happen, rather than as rules that could be entertained by a despot with a whimsical turn of mind. In particular, how could we bring to an end the era of market-based industry self-regulation?

r2 - 15 Apr 2009 - 22:38:21 - EbenMoglen
All material on this collaboration platform is the property of the contributing authors.
All material marked as authored by Eben Moglen is available under the license terms CC-BY-SA version 4.