Call for Comprehensive Data Privacy Law
Bruce Schneier, security guru and author of Beyond Fear: Thinking Sensibly About Security in an Uncertain World, calls for U.S. comprehensive data privacy law in his article, “Our Data, Our Selves” (Wired Magazine, May 15, 2008). Nellwal, another data security expert and whistle blower, concurs in the “The Whislter Ear” blog; “[n]ational legislation,” Nellwal comments, “is slow in coming, the court systems are refusing to punish negligent companies that lose consumer data, and the agencies who regulate data protection and trafficking do little if anything to protect us.” See also Schneier’s blog: http://www.schneier.com/blog/
Unfortunately, as a nation, we seem to be complacent about out privacy. When asked, we express the desire to protect our privacy; but in action, we share our information freely for coupons at the grocery store. As individuals, we don’t take the time to question whether we are required by law to provide our information, to evaluate how this information will be used and aggregated, and to consider who will have access to it. When I talk to friends and colleagues about the issue, they frequently presume that our privacy rights are protected under the law and by the courts. After reading court opinions, however, they are shocked. The law has not kept up with technological change, and the courts frequently assume that technological change – “progress” – is always good. Further, the courts do not thoroughly consider cultural, gender, generational or personal differences in what is considered a “reasonable expectation of privacy,” which is often the relevant legal standard by which the courts base their opinions.
As data professionals, we collect more information than we need because we can. Then, we get function creep (e.g., see yesterday’s posting on license plate tracking)! We have lots of data at our fingertips, so we inevitably use it for purposes other than that for which it was originally collected. We need to recognize that the policies we establish to handle data are as important in protecting our information as the technical controls we implement (e.g., Anderson, R., Security Engineering: A Guide to Building Dependable Distributed Systems).
We may have competing values and interests, such privacy, the public’s right to know, free speech, value of public information, demand for convenient access, ease of Internet publication, tools for data mining, integration, and analysis, ability to profile and locate individuals, and the need for emergency management (Holland, W., Tension- Individual Privacy in the Age of the Internet and Insecurity, Fair & Equitable, February 2007, p. 12; see also Regan, P., Legislating Privacy); but, as a society, we need to do a better job of balancing these interests. We must recognize that privacy is a necessary ingredient of autonomy and freedom.
Location / Spatial Privacy
Over the next decade, information collected through RFID and micro/nano-sensor technologies will be analyzed and displayed using geospatial technologies and served up over the Internet (e.g., distributed sensing through Sensor Web), impacting our privacy in new ways.
For a great sociological and legal discussion of privacy as it relates to geospatial information and technology, refer to Michael R Curry’s “Chapter 7: The Digital Individual in a Visible World” in his book Digital Places: Living with Geographic Information Technologies; for a historical perspective, check out Mark Monmonier’s Spying with Maps: Surveillance Technologies and the Future of Privacy. Also see Kevin Pomfret’s discussions on spatial privacy on his blog Spatial Law.
For more on data privacy, also see the following books:
Agre, P., and Rotenber, M., Technology and Privacy: The New Landscape
Albrecht, K. and McIntyre, L., Spychips: How Major Corporations and Government Plan To Track Your Every Purchase and Watch You Every Move
Branscomb, A., Who Owns Information: From Privacy to Public Access
Garfinkel, S., Database Nation: The Death of Privacy in the 21st Century
Holtzman, D., Privacy Lost: How Technology is Endangering Your Privacy
O’Harrow, R., No Place to Hide
Regan, P., Legislating Privacy: Technology, Social Values, and Public Policy
Rule, J., Privacy in Peril
Solove, D., Rotenberg, M., and P. Schwartz, Privacy, Information, and Technology
Solove, D., The Digital Person: Technology and Privacy in the Information Age