Tag Archives: Privacy

The real David Petraeus scandal

[youtube http://www.youtube.com/watch?v=cF9u6SuKKE8]

It’s not the adultery, it’s the invasion of privacy:

The fishing expedition into Broadwell’s emails should, on its face, be considered a violation of the Fourth Amendment—while the FBI apparently had a search warrant, it’s hard to see how this warrant was obtained with the “probable cause” the Constitution requires. But the real scandal here is what’s currently considered to be legal. After a 180-day period has elapsed, private emails are currently considered public and require only a subpoena to a provider to be accessed. Even worse, the government contends that even inside the 180-day window opened emails carry no expectation of privacy. As Adam Serwer of Mother Jones puts it, “If you think the feds need a warrant to start looking at your email, you’re dead wrong.” The standards created by the Electronic Communications Privacy Act from a time when most emails were downloaded rather than stored on a third-party server remain in place. In the current technological context, these standards are privacy shredding.

The invasions of privacy in this case make the need for major changes in the law clear. First of all, the federal courts should make clear that there is the same Fourth Amendment right to privacy in electronic communication that there is in telephone calls. The government should have access to emails only after obtaining a warrant after the showing of probable cause. Cases like the investigation of Broadwell’s email—in which “evidence” of wrongdoing that would not be considered adequate cause if applied to snail mail was enough to obtain a warrant—should not go forward.

And much more needs to be done to protect the privacy of employees. A recent decision by the Supreme Court of Canada provides a valuable road map. “Canadians may therefore reasonably expect privacy in the information contained [workplace] computers, at least where personal use is permitted or reasonably expected,” wrote Justice Morris Day. This is the right approach. The Fourth Amendment should give government employees a presumptive expectation of privacy in their electronic communications, including those on workplace computers. And the privacy of private employees should have a similar expectation of privacy established by federal statute. The fact that emails and text messages are stored on third-party servers should not be used to immolate the privacy of individuals.

The right to be forgotten

During my studies in Paris this past academic year, I took a class called “Security and Technology.” My particular project contrasted European conceptions of online privacy with those of their American counterparts. One of the most fascinating elements of the European approach is the recent push for a “right to be forgotten,” as proposed by Viviane Reding, vice president of the European Commission. Essentially, the doctrine stipulates that everyone should have a right to permanently eliminate private information about themselves if they so desire.

So it is in this vein that Simson L. Garfinkel’s article for the MIT Technology Review takes a peek at the possible future of initiatives like these:

In fact, it’s hard to imagine a system that could index all of the world’s information thoroughly enough to allow someone exercising the “right to be forgotten” to track down and eradicate every regrettable message or photo. More likely, the mechanisms to find that data would cause more privacy violations than they would prevent.

A better solution could be a set of standards for labeling the provenance of information on the Internet. It would be somewhat like the way Facebook requires application developers to keep checking back to see whether personal information is still acceptable to use. It would also take advantage of the privacy-protecting steps that other sites like Twitter and Yahoo sometimes are willing to take for their users.

This could be done using the HTML microdata standard being developed. It is still evolving, but this standard will expand the ways that information in Web pages can be represented in their underlying HTML code. For example, the microdata could include tags designed to facilitate privacy tracking and the retraction of privacy-sensitive information. So if you persuaded a website to take down information because it violates the site’s terms of service, that website could automatically notify others that have made copies of your information, informing them that the license to use the data has been revoked.