by Paul Rudo on 25/08/12 at 7:27 am
In the United States, there are numerous consumer protection laws in place which dictate what kind of information companies can collect about you, what they can do with that information, how they collect this information, and when it can be disclosed. For the most part, these rules seem pretty straightforward when it comes to the sharing and disclosure of personally identifiable information between companies.
However, much less is known about privacy rights when it comes to government access to your data when stored in the cloud.
The fact is that the government is investing heavily in data mining and statistical analysis projects which combine data from multiple sources, and many of these sources include data from private industry which was either purchased or obtained by force.
Your personal data is incredibly valuable to the government. It allows them to fight crime, track high-risk offenders, improve democracy and social justice, collect tax money more efficiently, eliminate corruption, reduce waste, and plan new public works projects. (And that’s just a small sampling.)
Of course, it’s natural for citizens to feel threatened by the state’s intrusion into their personal lives. That’s why the Fourth Amendment was created to protect us from unreasonable search and seizure and intrusions which go beyond a reasonable expectation of privacy.
If the police want to seize your laptop and comb through the contents of your personal life, they will first need to obtain a warrant or prove reasonable grounds for a search. But what about your data which is stored in your online email accounts, social media profiles and online backup accounts?
As it turns out, there was a famous case in 1976 which already dealt with this issue, and set the tone for future cases well into the computer age.
Following a 1973 fire, the department of Alcohol, Tobacco and Firearms believed that the suspect had been operating an illegal distillery. In order to confirm these suspicions, the ATF contacted the suspect’s bank and demanded that they supply all checking, savings, loan or other financial records pertaining to this particular client. In return, the bank provided the agents with deposit slips, microfilm and cancelled checks. The evidence obtained from these disclosures was used to build a case against the suspect.
The defense in this case tried to have the evidence withheld since the ATF did not have proper grounds for a search warrant. However, the judge decided to allow it, on the grounds that the Fourth Amendment does not protect a person against search and seizure of information which is being held by a third party.
Under the Bank Secrecy Act of 1970, the bank was required to maintain archives of these financial records for several years for legal compliance. Therefore, the banks had no expectation of privacy when it came to these records. And when the accused voluntarily disclosed the details of their financial affairs, they changed the expectation of privacy which surrounded this information.
I personally disagree with this decision for a number of reasons.
First of all, the courts worked on the assumption that the defendant willingly handed over this information to the bank. But when you make a financial transaction, you’re only really consenting to an exchange of information between yourself and the recipient of the funds. The bank simply acted as an essential mechanism. It would’ve been very difficult for the transaction to take place without their involvement. So this should not be considered “consent” in the traditional sense of the word.
When you browse the internet today, your browsing habits, personal data, and behavioural patterns are being intercepted and shared between dozens of companies. And all of this happens without your knowledge. Can this really be considered “consensual” information sharing? Under the current state of the law, it seems that it might be.
Second of all, your privacy expectations with a company or institution should be different than those involving interactions with other individuals. If you tell a close friend that you have a serious illness, you should have no legal expectation of privacy in the event that they share your secret. But if you tell your doctor or pharmacist about such an illness, this information should certainly be protected.
Thanks to recent technological innovations, information is being aggregated on a massive scale and with growing speed. This is a far cry from the bank disclosures outlined in United States v. Miller. So should these standards be modified to keep up with technology? I certainly think so.
The new revolution in information collection and data mining can present some excellent opportunities for national security and better government, but these improvements should not come at the expense of individual privacy rights.
Image Source: www.flickr.com/photos/malias/2487542342