Wow, is this a quagmire. Never guaranteed in the original Bill of Rights, but legislated for centuries using the 4th amendment. James Comey, Director of the FBI, speaking at a Mar 7th cybersecurity conference stated that “there is no such thing as absolute privacy in America”. Our legal protection is founded by jurisprudence in something called a “reasonable expectation of privacy”. We trade absolute privacy in exchange for security and the rule of law. However, I am concerned that we have gotten slack at maintaining and enforcing our personal expectation of “a reasonable expectation of privacy” and in fact we abandon the principle 9 times out of 10 in our online lives.
In Minnesota last week, a judge ruled that Google should supply the case with all of the information surrounding a certain search. So, if you had searched on that topic recently, your name was now connected with the case. I highlight this as an example, of how far gone our privacy is. Google and Facebook might not be operating businesses without their intimate knowledge of “who you are and what you like” (they sell that data). When you use Google and Facebook, assume that every single click is being tracked. So the theory seems to be… that we have no reasonable expectation of privacy on Google and Facebook.
Meanwhile, Congress just “levelled” the playing field for ISPs and Internet providers, so they can now have the same access to your data as Google and Facebook have had since they were first launched. In case you weren’t sure, it means that more people can use and sell your data.
Looking at Privacy differently, you have no privacy on your location and your whereabouts. In fact, it is relatively easy to know where you are, at any time, between GPS in our phones and the ubiquitous security camera coverage these days. You’ve seen the police dramas on TV where the cops are able to fairly regularly track and spot the criminal and as a result find them. This applies to the non-criminals as well. Now with GPS, I can turn it off, but do we really believe that the GPS can’t be tracked by sophisticated surveillance? Do I even have to mention satellite surveillance?
Maybe my paranoia quotient is running high, but I don’t feel as though I can escape a watchful eye without going full-luddite, escaping to the woods to live out my life as a hermit, technology-free. And that’s where I have the problem. Where is my “reasonable expectation of privacy” in TODAY’S society?
We trade privacy for convenience frequently throughout our day. I can take EZ Pass toll to skip the line at the CASH toll booth, but then the transportation authority knows exactly where I am. We post on Facebook to reach a wide audience quickly and easily. Google brings information immediately to our finger tips. Nowhere in that process however, did I actively consent to have my data used and/or scrutinized and certainly not sold. In other words, I have NO reasonable expectation of privacy when I am online.
The Internet of Things makes this even worse. Today there are estimated to be 3 billion connected items. Over the next 5 years that number is projected to explode to as many as 25 billion. Your refrigerator, your dishwasher, your Thermostat, your Alexa/Google Home, your coffee maker etc etc etc. All of these devices will be listening and seeing and recording ALL THE TIME. You would no longer have a reasonable expectation of privacy in your own home. Use your Alexa as the example, who owns that data? What is Amazon doing with it? Have you asked? Did they offer to tell you? Did you elect a setting as to how and when you are releasing the data for others to receive. “No” is the answer to all of those, by the way. So it is time for us to force the makers of these products to offer us privacy.
With regards to “my consent”, some may argue “the disclaimers” and they’d probably be right since all of the aforementioned operations are well lawyered, I have no doubt. MY argument is that I was never offered a choice or an option for a level of service consistent with my privacy priorities. I want to try to claw back some privacy options, because right now, there are none.
In Illinois we have our first push back and it is being closely watched. “Right to Know and Geo-location Privacy Acts”, both aim to increase the awareness and consent that each of us would make on our location and where are data is being used. Interestingly, critics have the cynical view that this might be a ploy by the Illinois Bar to establish Illinois as a location for many class action lawsuits. They also note that “I affirm or I consent “ notice fatigue is a real thing with App and SmartPhone users. These critiques are not unfounded, however they are not reasons for me to not have choice. Given some of Illinois’ recent law creations I reckon these will pass and will set up some interesting reactions from the big data acquirers in Silicon Valley.
A few suggestions, Privacy choices should be offered at all times. In exchange for reduced use of my personal data, I expect to receive a diminished amount of service from such providers. This would actually increase competition as providers would have different tiers of service that they would offer at different price points (including free). I might WANT my refrigerator to share with my grocery store that I need eggs and milk dropped off (by drone of course), but I don’t want my alarm clock providing people with my waking time, or my sleep patterns. Others might reverse those opinions, but it isn’t the opinion that matters, it is the choice. Privacy and how our data is used should be OUR decision. Instead of the current situation, where we are making NO choice. Currently, if you want privacy, you cannot use Facebook or Google.
Another suggestion would be to hold companies liable for breaches of YOUR privacy. This would attach a monetary responsibility to cyber security for businesses that collects personal data. When money is on the line, then you know that safety will become a priority.
Anopther suggestions would be a Privacy App, designed to take all of my technology, collect my data output, explain it to me in layman's terms and then offer me the service of opting in to the privacy settings I want across my life… Silicon Valley Unicorns… are you listening?
A fourth suggestion would be to define what is our data versus what is the service provider’s data. For example, if I shop on Amazon for JRR Tolkein books, who owns the results of that search. Here’s how I see it. I own the JRR Tolkein choice. I always own my choices. When I submit that search to Amazon, now who owns it? It is Amazon who provides the results, do they own it? I would argue that they do NOT own the following information. They do not own that Ryan searched JRR Tolkein and clicked on 3 books. Here’s why. At this point, there is no certainty and there is no accuracy and there is no commitment. The search might be worthless. The search might be inaccurate. The search may not cause me to make a decision. All reasons that the search should not be the property of someone else. They are not my data YET, they were options to be vetted. Thus I am arguing that transactions can be an explicit agreement to trade privacy as well, but not searches.
So a search is NOT offered as available data for Google to use… they are going to be mad at me. Here’s my problem with Searches. Many of you will know the store Dick’s Sporting Goods. Some might have made the mistake of typing dicks.com (PLEASE DON”T DO THIS) and reached a pornographic website. Does that search, did that URL link accurately reflect MY data? Of course it did not, as clearly I was looking for sporting goods.
But as I type this last paragraph, I also realize that certain searches, for illicit endeavors, probably should be admissible as evidence. If a pedophile is regularly searching for child pornography, it ought to matter in a case against him. Which leads me to a further contradictory thought to earlier. The search has meaning (when successful and not in error), but if I don’t commit to the website, if I don’t spend a meaningful amount of time on a site, should that remain private? I don’t have all the answers and I know this is FAR from an easy topic. I welcome feedback and guidance.
To wrap this up, I want choice and control over my privacy and my data. Maybe I’m a minority. Maybe I have been too lax with my
“affirmations of consent”, maybe I value too much convenience. But what I do know, my data has value and I’d like to actively decide what that value is and what service I receive in return for it. That is all I ask, I do not recommend a burdensome and frequent Opt-In, Opt-out, as I know that will again devalue our privacy in exchange for our convenience. Just give me choice and control. If the majority choice to Opt-In and don’t care about their privacy, who am I to argue they should. But ForHumanity is for everyone and I know there are some who will choose Opt-out, at least some of the time and their rights need to be protected and affirmed.