Why privacy laws should be based on data use, not data possession
For years I’ve argued three points about privacy intrusions and surveillance:
- Privacy intrusions are a huge threat to liberty. Since the Snowden revelations started last June, this view has become more widely accepted.
- Much of the problem lies in the chilling effects such intrusions can have on the exercise of day-to-day freedoms. Fortunately, I’m not as alone in saying that as I once feared. For example, Christopher Slobogin made the point in a recent CNN article, and then pointed me to a paper* citing others who echo it, including Sonia Sotomayor.
- Liberty can’t be effectively protected just by controls on the collection, storage, or dissemination of data; direct controls are needed on the use of data as well. Use-based data controls are much more robust in the face of technological uncertainty and change than possession-based ones are.
Since that last point is still very much a minority viewpoint,** I’ll argue it one more time below.
*There are actually two papers at the same link. The first 17 pages contain the one I cited as supporting the chilling effects point, and …
**… the second paper is a rare case of somebody else making the use-based controls argument.
Whether or not you personally believe that terrorism is a Big Scary Deal, a largish fraction of your fellow citizens will, and will for a long time to come. After all:
- Terrorism strikes fear. (That’s the essence of the word’s original definition.)
- Asymmetric warfare — the other current definition of terrorism — is the most practical way for most adversaries to threaten the US and other wealthy countries. (It works even better against poorer ones, actually.)
- Broad-brush defenses against terrorism — airport checkpoints and so on — are distressingly inefficient.
- Highly targeted defenses against terrorism rely on, yes, surveillance.
The obvious conclusion is: Anti-terrorism-oriented surveillance will be with us for a long time. Privacy controls will not be accepted if they (seem to) much hamper governments’ attempts to forestall terrorist acts. That eliminates the possibility of sweeping “Keep the government in the dark” kinds of laws.
Privacy observers nonetheless hope that data-flow controls alone can strike the needed balance between:
- Anti-terrorism and other uses of official surveillance.
- Our need to avoid surveillance’s chilling effects.
But I think their hope is vain, since technology is now much too complex and fast-changing for such rules ever to be gotten right. In particular:
- There are many kinds of highly intrusive monitoring technology, and they’re changing fast.
- There are many kinds of possibly-useful analytics, and they’re being added to fast.
- The analysis process is fundamentally investigative; you don’t know what works until after you’ve tried it, and hence you don’t know what kinds of data are most useful to you.
- It’s especially hard to predict what uses will be found for which combinations of data — and there are increasingly many kinds of data to combine.
The biggest point that most privacy commentators underestimate may be this: Monitoring of our daily activities is on track to become utterly pervasive, and forgoing this monitoring would require sacrificing a large fraction of future technological progress. Most of what we do leaves electronic trails, and most of the rest will before long. For example:
- Our financial transactions are already tracked, the few remaining cash ones excepted.
- Our reading and other media consumption are increasingly tracked. Paper books and broadcast TV are giving way to e-readers, websites, and streaming video.
- Our communications are increasingly tracked. That’s been the focus of news revelations the past couple of months. Communications metadata are definitely being tracked and turned over to the government; contents of electronic communications may well be winding up in government hands as well.
- Our physical movements and responses are becoming subject to much more tracking than is widely understood. Consider, for example:
- Your cell phone knows where you are, and numerous apps share that information.
- Police car cameras, traffic light cameras and so on, when combined with automated license plate recognition, are increasingly tracking vehicle locations and movements.
- The same goes for electronic toll payments and vehicles’ onboard sensors. And when autonomous vehicles (i.e. electronic drivers) mature, everything will be centrally tracked.
- Security cameras and the like track pedestrians as well. What’s more, in-store cameras are being deployed to track details of shoppers’ movements and attention, much as attention is finely tracked online.
- Fitbit is just the beginning. Future healthcare will rely on 24×7 medical monitoring of our actions and physiological responses.
And whatever data is gathered, it all — or at least all its significant bits — will be collected and analyzed in the cloud, where nosy governments will find it easy to access.
The story gets more confusing yet. Besides the Vs of “big data” itself (volume, velocity, variety and so on), there are also the vagaries of “data science”. For the purposes of this discussion, it is reasonable to caricature modern analytics as “gather a lot of data; shake vigorously; and see what conclusions fall out”. My point in saying that is that you don’t know the consequences of letting somebody have some data until after they’ve thrown a range of machine learning techniques at it. And so, for several reasons relating to the difficulty of technological analysis, lawmakers, regulators and judges don’t have a realistic hope of establishing appropriate rules about possession of data, because they can’t predict what the consequences of those rules will turn out to be.
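To make that caricature concrete, here is a minimal sketch of how exploratory such analysis is. The data are synthetic, the model choices are arbitrary, and the use of scikit-learn is simply my illustrative assumption; nothing here describes what any agency actually runs. The same pile of records is fed to several off-the-shelf techniques, and the analyst keeps whichever one happens to predict something.

```python
# Hypothetical sketch: "gather a lot of data; shake vigorously; see what falls out."
# Synthetic data and arbitrary model choices; the point is only that which
# technique "works" is discovered after the fact, not predicted in advance.
from sklearn.datasets import make_classification
from sklearn.linear_model import LogisticRegression
from sklearn.ensemble import RandomForestClassifier, GradientBoostingClassifier
from sklearn.model_selection import cross_val_score

# Stand-in for some pile of collected records: 5,000 "people", 40 attributes each,
# of which only a handful carry real signal, and we don't know which in advance.
X, y = make_classification(n_samples=5000, n_features=40, n_informative=5, random_state=0)

candidates = {
    "logistic regression": LogisticRegression(max_iter=1000),
    "random forest": RandomForestClassifier(n_estimators=200, random_state=0),
    "gradient boosting": GradientBoostingClassifier(random_state=0),
}

# Shake vigorously: try everything, keep whatever predicts best.
for name, model in candidates.items():
    score = cross_val_score(model, X, y, cv=5).mean()
    print(f"{name}: mean accuracy {score:.3f}")
```

Which technique pans out, and hence what the data turn out to reveal, only becomes clear after the shaking; that is exactly the prediction problem facing anyone who tries to regulate possession in advance.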
It’s always been the case that lawmakers are a bit slow in adapting to new technologies, while judges don’t prohibit privacy intrusions until the needed laws are (somewhat belatedly) written. I hope I’ve shown that, given the intensity of technological change and the fears of terrorism, the gap this time will be much wider. But the story gets worse yet, because there already are instances in which legal enforcement of privacy has gone too far. First, there are cases in which privacy is used as a pretext for bureaucratic or other official nonsense. I’ve vented about that in the past over the case of medical care and HIPAA; police harassment of citizen observers may be a more serious problem, although that depends on how the jurisprudence eventually shakes out. Second, medical research is seriously restricted by privacy regulations. Depending on how privacy rules shake out, it is easy to imagine other forms of research (including national security or anti-terrorism research!) being inhibited as well.
I don’t think that possession-based data controls can overcome these myriad challenges. So why am I hopeful that use-based ones can? Well, consider the use-based privacy control guidelines I recently offered:
- Probabilistic profiling data should rarely be admissible in court.
- Current rules against discrimination by employers, insurers, and credit granters should be strengthened.
- “Attention” data such as website visits should rarely be admissible in court.
- Private communications of all kinds should be … private.
- Criminal and other investigations should very rarely, if ever, be allowed to “look through walls”.
Maybe what I’m suggesting are exactly the right rules; maybe they aren’t. But in any case, they, or rules like them, don’t depend on the specific kinds of data sources or analytic techniques covered. And so they can be robust against unforeseen developments in the collection, retention, or analysis of data.
Comments
Curt, another great post. Clearly stated logic on a complex topic.
Curt,
It has been demonstrated that certain governmental organizations do not follow existing rules and then lie to Congress under oath about them. So in order for any new law to have any effect, it must have teeth, an “or else…” that is sufficiently threatening BOTH to the organization and to the individuals involved that they would not dare break the rules. What is the “or else…” you propose for (1) breaking the law; (2) covering up such illegal activity; (3) perjuring oneself about it? For example, would running afoul of such a law and hiding it cause total defunding of the agency for 5 years, criminal prosecution of all individuals involved, and a 5-year ban on the government hiring anyone from that agency? I realize that this is step 2 of the thought process, but without mandatory penalties for BOTH the agency and individuals, any “laws” are merely suggestions with no recourse.
Mike,
One big advantage of my suggestions is that they’re more enforceable than the alternatives. Current rules say “You can’t secretly tap the Internet for email contents.” Mine say “You can’t introduce email contents into evidence in open court.”
I should have said that already in my post. Thanks for nudging me.
Curt,
Evidentiary limits are insufficient when the police (or others) simply “recreate the investigative trail”:
http://news.yahoo.com/exclusive-u-directs-agents-cover-program-used-investigate-091643729.html
Mike,
That’s not very responsive to what I said.
You’re complaining — correctly — that the government lies about its secret investigations. I’m saying that controls should be applied at points when matters necessarily get non-secret.