CS406: Information Security

Privacy’s obituary has been written many, many times, but the patient lingers on. One of the most famous law review articles of all time, "The Right to Privacy", was written in 1890 about a new camera that could make images without the subject holding a still pose. The authors, Samuel Warren and Louis Brandeis, lamented this invasive development and recommended that privacy invasions be classified as a tort - a social wrong for which there would be an economic remedy.

Today we hear the similar lament: Privacy is dead. But unlike Brandeis and Warren, we aren’t pushing hard for legal protections for our personal information. Instead, we’re giving up. Elderly Luddites wag a finger at young people for using Facebook and other social apps. We are told to "get over it" if we want cool new innovations.

Privacy does not have to be an all or nothing thing. Sure, technology is changing privacy, but law can help. We can legislate greater protections to counterbalance the privacy harms of new technologies, while still enjoying their benefits. And we’d better act quickly, because a range of new cool devices is about to come online and blow privacy out of the water. 

Everything you do online is trackable, from the websites you read, to your search queries, to your social networking posts. Enjoying the fruits of modern living means unintentionally and unavoidably spilling tons of sensitive information. It’s not just using Facebook or online gaming. Search queries, Web browsing, online banking reveal our interests, our reading, our finances, and more.

The data shedding is only going to get worse. Increasingly, our offline activities will create a data trail, too. Cellphones track our physical location through space and time. More and more of the everyday appliances we use are networked together and connected to the Internet. The business buzzword for this is the "Internet of Things". The term means that hardware devices such as your stove, your thermostat, your car, which were originally stand-alone machines will be controlled through the Internet. These innovations are awesome. I can preheat the oven before I get home from work. I can get an estimate to fix my car without having to go into the shop. But these connected devices take our offline physical lives and make them digital and networked. In short, they become subject to surveillance. The heat was off all weekend, so we are probably out of town. I stopped going to church, perhaps I am having a crisis of faith. My Fitbit says I’m not sleeping. Is my insomnia indicative of a health problem? Burglars, gossips and insurance companies all may want to use these things against us in improper ways.

What’s worse is that while the corporate collection of data allows for free online services and new discoveries, it is a funnel for information to flow to the U.S. and other governments, entities that do not always act responsibly or respectfully of human rights. Certainly, surveillance data is used to go after criminals, drug dealers and tax cheats. But U.S. police officers and intelligence agents also use such data to monitor Muslim Americans and social movements such as Occupy Wall Street and Black Lives Matter. If this happens in the U.S. just think about how bad it’s going to be for the next billion Internet users, who will almost all come from countries that do not have a Bill of Rights or a First Amendment.

We must not just throw our hands in the air and give up. That’s what the data brokers demanding endless permissions to collect and crunch information about us for targeted advertising and for resale to insurance and financial companies want. That’s what law enforcement and intelligence agencies eager to "Collect It All" want, frictionless spying. But that’s not what’s good for a democracy or for human rights.

Targeted surveillance focusing on suspected criminals and terrorists is necessary and appropriate, but right now surveillance is sweeping - without judicial supervision, probable cause or individualized suspicion. There are legal bills right now languishing in Congress that would protect email and your physical location from warrantless searches. This legislation should be passed. Further, we need to expand privacy protections to cover buddy lists, drive backups, social networking posts, Web browsing history, medical data, bank records, face prints, voice prints, driving patterns, DNA and more. Good laws can ensure that the U.S. government only gets information when there’s good cause, and not for trolling or social oppression.

Of course, U.S. privacy law isn’t going to help vulnerable people in other countries - homosexuals in India, religious minorities in Saudi Arabia or human rights workers in Syria. These people need to be able to trust their secrets to the technology they use. But the U.S. fights against secure cellphones and online services in favor of insecure, surveillance-friendly networks that oppressive governments can access and which put people around the world at risk. The U.S. plan is to risk individual safety in exchange for maintaining and growing its surveillance advantages. That’s wrong, and shortsighted.

Privacy is at a crossroads, and we have to make important decisions. Are we going to give up, or are we going to use the tools at our disposal to protect privacy and security? We have to stop overriding the few privacy laws we have to gain a false sense of online security. We have to utterly reject secret surveillance laws, if only because secret law is an abomination in a democracy. We have to secure, not undermine, communications networks for people around the globe. Are we going to do any of these things?

Source: Jennifer Granick, http://cyberlaw.stanford.edu/blog/2015/09/data-and-protecting-right-privacy
This work is licensed under a Creative Commons Attribution 3.0 License.