Municipal privacy law, a proposal

As we now know, the technical capabilities for governments and corporations outpace the public’s ability to identify and react to the consequences of unchecked surveillance. Personal information and metadata collection technology can have grave consequences on human rights that have been proven to negatively affect populations including health practitioners, journalists, lawyers, activists, and the Muslim community. Coupled with policy makers’ lack of technical knowledge in information systems, my goal is to do most of the work that our politicians are failing to do.

I would like to present a plan that will aim to create a new set of privacy ordinances that will focus on these three tasks:

1) research and analyze existing privacy laws

2) design a framework that is similar to what the International Modern Media Institute is doing for freedom of expression — create a bundle of proven laws from all over the world as a base.

3) design new laws that are knowledgeable of and target technical capabilities to support people’s right to privacy

To start, we might look at the Electronic Communications Privacy Act. Law enforcement and “national security” have overly-broad exemptions in the act, particularly for the collection of metadata. A group of technical professionals might then create a city law that makes it clear that a warrant is explicitly needed in any case that data or information about a person or person’s communications is sought after. This, of course, brings in a recent ruling about the “third party doctrine”, which now provides further precedent that data collected as a business need does not deserve privacy protections. This, of course, is absurd. Facebook needs a list of your friends in order to operate, so it’s free game to law enforcement? The electricity company needs personally identifiable power usage data, should that be free to law enforcement?

We can show how the abuse of data collection has negatively affected specific people and specific organizations. Government has unjustly and unconstitutionally hacked the system to increase its own power. While a city law might only impact people and organizations in Seattle, this would be a great start. What works in Seattle might be good for Redmond or Bellevue, too. Maybe Olympia will adopt this progress and blanket the state with hardened civil liberty protections.

As an avid Internet user, I sometimes try to delete my data and information. For example, when I tried to delete my LinkedIn profile, the language of their responsibilities merely says they’re going to hide the profile. No where do they day they assure deletion. And then there’s Facebook who makes “black profiles” of people even if said people never visited Facebook.com in their life. I want control over my data and information. Maybe we can create a law that allows me to request data and information about me, along with legal tools to correct or delete it. I’m not talking about public information, but data and information put into a third party application I expected to have specific levels of confidentiality. I want explicit information, like business address and contact information, about who said data was shared with and when. And if a company refuses to help my see, correct, or delete my data and information, I want legal tools to file malicious charges.

Obviously, the legal tools that I”m asking for would end up costing companies a lot of money. Aside from my ideals and their lack of respect for me, a package of privacy laws should offer protections to companies, too. To start, it probably costs technology providers a lot of money to process law enforcement requests. And if any given company decides to do what’s right and fight gag orders, now we’re talking about hundreds of thousands or even millions of dollars. We need privacy laws that help companies defend against these kinds of attacks, too.

I think data is the new oil. Governments and corporations are extraordinarily greedy. New technology is creating new holes in ourselves that governments and corporations are pumping data from with no respect and it’s sold to the highest bidder.