Maybe it’s because Berne and TRIPS make it such that there is substantial harmony in copyright and patents or maybe it’s because I’m more familiar with those areas of law, but I don’t feel like I need to make quite as big of a disclaimer about differences between the US and Europe (and other places, of course) and their data privacy laws. At a basic level, the US seems to have hoarder tendencies when it comes to stored data. The EU, on the other hand, has a different type of OCD, that of cleanliness. As a fan of projects like archive.org, I have mixed feelings about this dichotomy.
Last week’s assigned reading was for us to skim the first two chapters of a Data Security and Privacy Law book (and hence the title of today’s post). The fact that there’s a two-volume book on the subject I have chosen as today’s title suggests that we won’t be going into a lot of detail today.
Starting with the premise that there is great value is stored and collected data, how can we as Americans get around the evils that all of this data currently holds? There are two obvious ways.
Amend the Fourth Amendment
Currently, the Fourth Amendment covers only privacy between a citizen and the government. While Congress can presumably change the authorization of law enforcement via statute through its commerce power (In fact, Congress has passed the Stored Communications Act), once you put stuff on the Internet, in any fashion, you have no federal Constitutional protection in it (individual state constitutions might protect you from state authorities). This assumes, of course, that the Supreme Court, whether as currently constituted or not, will not change their mind. They certainly have in the past. However, pinning hopes on a president picking the right person and then that person getting confirmed seems like a long shot.
Before I mention what such an amendment might look like, let me clarify what I mean by “on the Internet.” Here I’m using it to mean that once another individual has access to the information, then there is no Constitutional protection it (setting aside any Constitutional rights corporations might have). For example, if you have a server that you own in California, and you access it securely from New Hampshire, assuming no one else has access to the server, you should be protected by the Fourth Amendment. Obviously the government can still get a warrant but to get information off the server, but in that case they would need “probable cause”. What “probable cause” means is well beyond the scope of this article and my Cybercrime course. Having taken Criminal Procedure, I can speak more about it, but, for now, it’s not cybery enough for OSP.
The reason for this reading of the Fourth Amendment is rather simple. The Fourth Amendment does not protect you from your co-conspirators, so once you give the information to another person, the Fourth Amendment assumes the information is public. This is a remarkably modern view of privacy! (What I mean is, if you want it private, don’t put it on the Internet is a modern sentiment based on the insecurity of many websites.)
So, with that in mind, here’s what the 28th Amendment might look like:
Citizens and foreign nationals do not give up their right to be secure against the government in their persons, houses, papers and effects, simply by entrusting their persons, houses, papers and effects to a third-party.
Pretty simple really. Initially, I left out “person” because I’m not sure you can ever entrust your “person” to someone else in a Constitutional sense. However, I’m not sure it hurts anything to put it in their. If you don’t put it in their future Scalia’s might say you have no Fourth Amendment rights when you go under anesthesia or something like that.
I’m a little hesitant to directly reference the Fourth Amendment because I’m again concerned about Scalia taking a 1789/1791 view of things. I suppose they could still do that, considering I used the words parallel to the Fourth. However, if you get too detailed you’ll make in unworkable and it’ll start to look like a statute rather than a Constitution. If the 28th doesn’t do it, we could always go back with a 29th! It wouldn’t be the first time we’ve Amended an Amendment!
Decriminalize Lots of Stuff
If the government weren’t so concerned with stopping the Occupy Movement and copyright infringement, how much would we care about the government’s ability to get at our data? I suspect not a lot. Sure, the EFF and ACLU would care, because they are always (rightfully) looking for the next abuse of power, but we as a society could probably spend time thinking about other things, like improving our school system, if we weren’t so worried about going to jail.
It’s true that this proposal doesn’t help reporters that are talking to allegedly and actually nefarious people and that’s a topic we’ll come back to in later articles. However, changing the laws on the books is an easier process that amending the Constitution, so it’s something we should be thinking about first.
- Wikipedia on Data Security
- Wikipedia on Privacy Law
- Oxford’s International Data Privacy Law Journal
- EFF on Privacy
- ACLU on Surveillance & Privacy
- ACLU on Internet Privacy
- ACLU on Consumer Privacy