NYU/Princeton Conference on Mobile and Location Privacy: A Technology and Policy Dialog
Date: Friday, April 13, 2012
Time: 9:30 AM – 5:00 PM
Location: Lipton Hall, 108 West 3rd Street [between Sullivan & MacDougal Streets], New York University School of Law, NYC
Co-sponsored by the New York University Information Law Institute and the Princeton Center for Information Technology Policy, with generous support from Microsoft.
For more, click here.
Several recent NY Times articles reflect growing concerns over increasing government access to and retention of communications and other data here in the U.S.:
Police Are Using Phone Tracking as a Routine Tool
Published: March 31, 2012
Law enforcement tracking of cellphones is a convenient surveillance tool in many situations, but it is unclear if using such technology without a warrant violates the Constitution.
U.S. Relaxes Limits on Use of Data in Terror Analysis
Published: March 22, 2012
Attorney General Eric H. Holder Jr. signed new guidelines on how analysts may access, store and search information gathered by government agencies about Americans.
And in the UK:
Britons Protest Proposal to Widen Surveillance
By ALAN COWELL
Published: April 2, 2012
Reported government plans to give intelligence services the ability to monitor the electronic communications of every person in the country drew fire on Monday.
Katherine J. Strandburg
Does your level of Fourth Amendment protection vary inversely with the convenience of your digital life?
Matthew Smith
Today, Ars Technica published an excellent rundown of the various approaches that policymakers have taken, or are taking, to attempt to secure the privacy of smartphone users.
The article ties in with another recent Ars piece, which pointed out that Apple has the “master keys” to the encryption of its iCloud service – and so, in theory, could give those keys to the police, if asked.
This situation exemplifies a truism that may well come to define the digital age: your level of privacy varies inversely with the convenience of your digital life. Here’s how it plays out.
Everyone has data that’s important to them – and the convenience of their digital life depends, in large part, on how easily they can organize, access, and play around with their data. Data can be anything from an address book and e-mails to a digital movie collection.
In the 1990s, the PalmPilot – arguably, the forerunner of modern smartphones – was successful, in large part, because it offered users easy, convenient access to their data. Of course, the PalmPilot posed no threat to privacy, as long as the user was able to hold onto it: the data never left the user’s possession. The drawback to this ecosystem was, as any PalmPilot user will remember, the need to “sync” the device whenever the user wished to update its data.
The game changer in this realm was the creation of mobile access to the Internet and the rise of “The Cloud.” Once the devices we carried with us gained access to the Internet, putting our data on the Internet was an obvious next step: keep the master copy of everything in the Cloud, and, any time there is a change, all of the user’s devices can be updated over their Internet connections, in real-time. Everything is always up-to-date, and always at hand.
But, of course, this convenience comes at a price. The user puts the privacy of their data at risk by entrusting it to a third party. The extent to which data given over to a third party is protected by the Fourth Amendment or other laws is still being worked out – largely because Cloud services are so new that laws regulating them have yet to develop – see the Ars Technica posts linked above. If Apple (or another company) possesses the keys to a user’s data, Apple (or the other company) can control who accesses that data. And frequently, the police look to access a user’s private data when they suspect the user of criminal activity.
As the Ars Technica rundown of smartphone privacy approaches above indicates, the law here is unsettled – but it is clear that, absent a strong stand in favor of privacy, users who store their personal data in Cloud services may well be trading off legal privacy protections by doing so.
So, what’s a tech-savvy citizen who values privacy and convenience to do?
One clue may come from the so-called Maker Manifesto: “if you can’t open it, you don’t own it.” Unless a user is personally responsible for the storage and security of their data – perhaps by purchasing or building a dedicated private web server to be set up in the home or setting up an always-connected PC at home for remote access to its hard drive – it is impossible to be certain of the security and privacy of the user’s data.
When a user personally controls access to their data, the level of government intrusion on that user’s privacy required to access that data is much greater. In the instance of a server set up in a private home, the government would be required to make entry into the home itself to access the data on the server. And traditionally, the home is the most-protected sphere under the Fourth Amendment.
Of course, this is costly – and, because software systems for remote data access are frequently built around the assumption that the user will be connecting to a third-party service (Apple iCloud, Google, Box.net, Dropbox) to access their data – many of the convenient features of data storage in the Cloud may be unavailable to a user setting up their own system.
Because of this cost – in terms of finance and convenience – the desirability of strong legal protections for users’ data stored with third parties is manifest. It remains to be seen whether (and how) Congress (and courts) will act to respond to this need.