By Paul Rosenzweig, The George Washington University Law School
The term ‘privacy’ reflects a desire for the independence of personal activity—a form of autonomy—and we protect it in many ways. However, to actively protect this privacy, which is otherwise compromised by new technology, we need to formulate rules that prescribe limits to the unwanted and undesirable intrusions.
Privacy Control
Sometimes, we try to protect our privacy through secrecy, which effectively obscures the observation of conduct and the identity of those engaging in the conduct.
But, when we talk about privacy rights in connection with freedom of religion, or the right to marry whom we want, we protect our autonomy directly by allowing us to exercise our own individual choice of conduct.
Anonymity is another concept of privacy. It’s kind of middle ground where observation is permitted—that is, where we expose our actions in public, but where our identities and intentions are not ordinarily subject to close scrutiny.
Privacy Act
So, how do we protect privacy and its essential component of anonymity? The traditional system was a system of rules, and a system of oversight and compliance for those rules.
But, rules are static and they tend to be unchanging. They don’t account readily for changes in technology. Indeed, the Privacy Act—the central statute intended to protect individual privacy against government intrusion—is a solution that, instead, is emblematic of the underlying problem.
The principles of the Privacy Act are ill-suited to most new technological methodologies. The law was designed and passed at a time when the only way we could imagine organizing data was based on the name of the person to whom it related. In modern databases, we can sort the data in any one of multiple ways.
This is a transcript from the video series The Surveillance State: Big Data, Freedom, and You. Watch it now, on Wondrium.
New Systems to Protect Privacy
Thus, we’ve begun to develop new systems and structures to replace the old privacy systems. First, we’re changing the way we protect privacy from a top-down process of rules to one in which the principal means of privacy protection is through institutional oversight.
For example, when the Congress created the Department of Homeland Security, it included the requirement that the Department have an in-house privacy officer and another for civil rights and civil liberties.
Agencies to Oversee Intelligence Activities
The 2004 Intelligence Reform and Terrorism Prevention Act, and the Implementing Recommendations of the 9/11 Commission Act of 2007, went further. Together they outlined the requirement for a civil liberties protection officer within the intelligence community.
More generally, the independent Privacy and Civil Liberties Oversight Board now oversees all intelligence activities. This is a good set of changes. These institutions are, in effect, internal watchdogs for privacy concerns.
In addition, they naturally serve as a focus for external complaints, requiring them to exercise some of the functions of an ombudsman, if you will.
Watching the Watchers
Finally, and perhaps most significantly, the very same surveillance systems our government uses to advance its interests are equally well-suited to ensure that government officials comply with the limitations imposed on them in respect of individual privacy.
And there are already indications that strong audit mechanisms, when in place, can be effective. Recall the incident in the 2008 presidential campaign when contractors at the Department of State hacked into Barack Obama’s passport file. It was leaked for prurient, political reasons. But a strong audit function quickly identified the wrongdoers and allowed corrective action to be taken.
Learn more about how government and private industries use our data.
Consequence-based System
If we did reconfigure our conception of privacy, put the right control systems in place, and use a strong audit system for the government, we can have a reasonably confident, consequence-based system of privacy protection that would move us toward a place where real legal protections could be maintained.
It wouldn’t be perfect—there would always be mistakes and abuses, and it would be a lot more difficult to manage in the real world than the cut-and-dried, pure privacy protections we have in place now. But, we need a solution that is more in sync with today’s technological realities.
Privacy: Government Vs. Commercial Sector
But, what about the commercial sector? The Constitution doesn’t apply to private commercial actors. The Fourth Amendment serves only as a limit on government activity, so that’s not a potential avenue for protecting privacy.
Unlike government surveillance—where the purpose is, at least theoretically, to protect national security—when the Congress steps in to limit commercial surveillance, the only negative consequence might be to interfere in the development of new technologies and markets.
Commercial Use of Technology
At this point, the value of commercial use of new technology has become so deeply embedded in the business model of corporate America that it’ll be difficult to modify it.
After all, why do you think that Facebook, Google, and lots of other Web-based services are free? You aren’t paying up front for those services. But, of course you’re paying in another way, often with information about you. Commercial companies value that information; it lets them know what to sell you, or how to try and influence you.
Learn more about the evolution of privacy in the home.
Intrusion of Privacy by Private Players
If we change that business model—and we can—then in the end, you will have to pay for those ‘free’ Web-based services. However, in the commercial sphere, we’re already moving toward a system that looks like consequence-based intrusion of privacy.
In order to protect your privacy and prevent the misuse of your data, you need to know what will happen to it. And, you need to be able to control the use of it. Slowly, the laws are moving in that direction.
Increasingly, companies are being criticized for overly invasive uses of your data, and they’re changing what they do. Throughout the world, but especially in Europe, free Web-based services are being called to account, and told to publicize what they do and build in options that allow you to manage how your data is collected and used.
The commercial sector is resisting, but the trend is pretty clear.
Common Questions about Protecting Our Privacy
The Privacy Act is ill-suited, as it was designed and passed at a time when the only way we could organize data was based on the name of the person to whom it related. In modern databases, we can sort the data in any one of multiple ways.
The Privacy and Civil Liberties Oversight Board oversees all intelligence activities.
Many Web-based services are free because they often collect our data, which is valuable to commercial companies, as it lets them know what to sell us or how to try and influence us.
