By Christopher Hoofnagle, San Francisco Chronicle
Details of the National Security Agency and its science-fiction-like technological prowess have occupied the news headlines in recent weeks, leading to new calls for restrictions on government activities. But in order to check these activities meaningfully, we need to focus upon the activities of the private sector as well.
Our lack of privacy is the result of libertarian-leaning public policy choices made in the 1990s and 2000s that left the private sector free to collect almost any information it wanted. It is not too late to change course, but to do so, we need to become savvy about the collaboration of government and private firms.
Ten years ago, I wrote an article at bit.ly/12hejof detailing how governments’ and companies’ interests had aligned against the individual on privacy.
The article was based upon Freedom of Information Act requests I made to seven federal agencies concerning privatization of data-gathering. Privacy laws restricted the federal government from collecting data directly, but the documents showed that private-sector firms were vacuuming up information about citizens for the government. These firms did so by leveraging open-government laws and the increasing availability of electronic public records. Many of these firms had their roots in direct marketing, and used their knowledge of data collection and analysis to create new services for banks, lawyers, landlords and other information-hungry markets.
Collecting and maintaining data is expensive, and so information firms have strong incentives to find new markets for data. The government market proved to be an important one, so much so that data companies created special information products for law enforcement and intelligence services. One agency sought to “produce a comprehensive profile on an individual, generated by only one or two queries.” The private sector obliged.
At the same time, government employees were tracking privacy laws, realizing that restrictions on private firms would have downstream effects on law enforcement access to data. Documents obtained from agencies showed how privacy laws curtailed government access to information from credit reports.
Some civil libertarians have howled at our situation, characterizing government access to data as a “seizure” that implicates the Fourth Amendment. In reality, many data exchanges are more sales than seizures.
We can change the rules now, and enjoy a different balance of power between the individual and institutions in the future. While on one hand, it is troubling that government agencies are part of the antiprivacy lobby, on the other hand this means that regulation of the private sector starts to dry up government access to data.
If we want information privacy in the future, we have to limit the ability of firms to collect and maintain data. Firms take the same position on privacy as the NSA: They believe that collecting data does not raise any privacy interest; only the use of data can create a privacy problem. This is an appealing but dangerous position. It leaves personal information in the hands of institutions desperate to monetize it, with little ability for individuals to prevent or even detect objectionable uses of data.
We have to be ready to fend off threats from technology companies, who will claim that privacy law will result in slower, less accurate services. Even if these threats are real, why should efficiency for Google and Facebook be the paramount goal of our society?
We also have to be much more skeptical of “government transparency” efforts. In attempting to make government more accountable, advocates push for a maximum openness agenda; this can have the collateral effect of making the citizen transparent along with the government.
Finally, we need to get wise to the libertarian narratives so popular in information policy. These narratives are strongly focused on defeating regulation of the private sector, often without equal emphasis on limiting law enforcement power. Practically, the libertarian agenda has created the worst-case scenario for citizens: one where consumer protections are blocked in favor of “market forces,” while those same market forces work to empower the government and institutions against the individual.
Chris Jay Hoofnagle is a lecturer in residence at UC Berkeley School of Law, where he teaches computer crime law.