Marc Rotenberg - Privacy in the Modern Age: The Search for Solutions

PRIVACY IN THE MODERN AGE

ALSO BY MARC ROTENBERG

Nonprofits Enter the Computer Age (Community Jobs 1985)

Technology and Privacy: The New Landscape (MIT Press 1998)

Information Privacy Law (Aspen 2005)

The Privacy Law Sourcebook: United States Law, International Law, and Recent Developments (EPIC 2004)

Privacy, Information, and Technology (Aspen 2006)

Privacy and Human Rights: An International Survey of Privacy Laws and Developments (EPIC 2006)

Litigation Under the Federal Open Government Laws (EPIC 2010)

Privacy Law and Society (West 2016) (forthcoming with Anita L. Allen)

This publication has been made possible, in part, with a grant from the MacArthur Foundation. The views expressed are those of the authors, and do not necessarily represent the views of their employers, the MacArthur Foundation, or EPIC.

2015 by Marc Rotenberg, Julia Horwitz, and Jeramie Scott

Licensed under the Creative Commons BY-NC-SA 4.0 license

Published in the United States by The New Press, New York, 2015

Distributed by Perseus Distribution

ISBN 978-1-62097-108-6 (e-book)

CIP data is available

The New Press publishes books that promote and enrich public discussion and understanding of the issues vital to our democracy and to a more equitable world. These books are made possible by the enthusiasm of our readers; the support of a committed group of donors, large and small; the collaboration of our many partners in the independent media and the not-for-profit sector; booksellers, who often hand-sell New Press books; librarians; and above all by our authors.

www.thenewpress.com

Composition by dix!

This book was set in Minion

Printed in the United States of America

2 4 6 8 10 9 7 5 3 1

CONTENTS

F ew issues today are more widely debated than the impact of technology on privacy. Edward Snowden has kept news organizations busy since his decision to reveal the surveillance capabilities of the National Security Agency. The NSA has gathered up the telephone records of every American, as well as the personal communications of foreign leaders and the Internet browsing records of their citizens. So extraordinary is the data-gathering capability of the NSA that the agency has budgeted millions of dollars just for air-conditioning to keep cool its giant supercomputers.

But it is not only a spy agency that inspires headlines. Target lost the credit card records of 40 million American consumers in a data security breach. Home Depot beat that record and lost 56 million records. Advertising software tracks users across the Internet. Detailed medical records are available for sale. Students are subject to endless testing that generates data subject to endless review. Travelers to the United States are fingerprinted. Small robots patrol schoolyards. And we have still ahead data breaches that involve biometric identifiers, surveillance systems that massively identify people in a crowd, and firms that have leapt from the Internet to track people in physical space and record activities in their homes.

There is a temptation when confronted with these stories to utter some version of Privacy is dead. Get over it. Popular variants include, You have no reasonable expectation of privacy, What did you expect? You posted it on the Internet, and Hey, its free. If you dont like it, you dont have to use it.

The contributors to this anthology adopted a different strategy. They put fatalism aside and instead of simply describing problems, they set out solutions; they took seriously the dictum of Thomas Edison: What man creates with his hand, he should control with his head. Its a new approach to the privacy debate, one that assumes privacy is worth protecting and that there are meaningful policy responses to pursue.

We begin the collection by tracing our own efforts to create an organization, the Electronic Privacy Information Center or EPIC, specifically tasked with focusing public attention on emerging privacy and civil liberties issues. Over our first twenty years, we have had some successes and some setbacks. Our recent anniversary provided an opportunity to assess what is working and what more needs to be done.

Open government advocate Steven Aftergood takes on the classic paradox of privacy in his contributionthe critical role of transparency in ensuring accountability. Aftergood notes, Transparency alone cannot dictate or imply what the outcome of a particular privacy or national security debate ought to be. But disclosure of the basic facts of government operations is what makes it possible for the debate to take place. In openness, there is greater protection for privacy.

Computer scientist Ross Anderson views the U.S. debate from across the Atlantic and asks what the U.S. legacy will be when others look back at the technologically dominant superpower in the early part of the twenty-first century. It is not just a matter of legacy. How the U.S. treats foreigners now will not just set the tone for our generation, but will shape how the world works and the way people are treated in future generationsonce U.S. supremacy has passed the way of the British empire, the Spanish empire, and the Roman empire.

Christine L. Borgman and her coauthors, experts in information policy and educational institutions, took on the practical challenge of developing a privacy framework for the largest university system in the United States. As they explain, Todays research universities face a plethora of competing challenges in the privacy arena. The outcome is a remarkable blend of privacy principles, institutional structures, formal responsibilities, and public accountability.

Ryan Calo, a leading researcher in the field of robotics, thinks it is already time to pass laws and to create an agency to monitor our mechanized friends. As he writes, Society should look to this issue now, as we stand knee-deep in waters that will only rise.

Danielle Citron, a law professor who explores issues of gender, combines several threads of privacy culture when she points to growing concerns about revenge porn. Her proposal is clear. The law needs updating again to combat destructive invasions of sexual privacy facilitated by networked technologies.

Leading privacy campaigner Simon Davies focuses on recent developments in Europe, where the Snowden revelations have given way to massive calls to update privacy laws and limit data flows to America. Davies suggests that even a fractured Europe is likely to unite in this effort.

A. Michael Froomkin, one of the forefathers of cyberlaw, considers the policy nuts and bolts of identity management. At its core, the challenge is to allow individuals to disclose to others only that which is required in a technological environment where almost everything is transferred by default. The solution is subtle but profound. In its most robust form, we would have true untraceable pseudonymity powered by payer-anonymous digital cash.