Posts Tagged ‘Law Enforcement’

Who has your data and how can the government get it?

Monday, June 28th, 2010

Who has your data? And how can the government get it?

The questions are more complicated than they might seem.

In the last month, we’ve seen Facebook criticized and scrutinized at every turn for the way they collect and share their users’ data.  Much of that criticism was deserved, but what was missing in that discussion were the companies that have your data without even your knowledge, let alone your consent.

The relationship between a user and Facebook is at least relatively straightforward.  The user knows his or her data has been placed in Facebook, and legislation could be updated relatively easily to protect his or her expectation of privacy in that data.

But what about the data consumer service companies share with third parties?

Pharmacies sell prescription data that includes you; cellphone-related businesses sell data that includes you.

So much of the data economy involves companies and businesses that don’t necessarily have you as a customer, and thus even less incentive to protect your interests.

What about data that’s supposedly de-identified or anonymized?  We know that such data can be combined with another dataset to re-identify people.  Could the government seek that kind of data and avoid getting even a subpoena?  Increasingly, the companies that have data about you aren’t even the companies you initially transacted with.  How will existing privacy laws, even proposed reforms by the Digital Due Process coalition, deal with this reality?

These are all questions that consume us at the Common Data Project for good reason.  As an organization dedicated to enabling the safe disclosure of personal information, we are committed to talking about privacy and anonymity in measurable ways, rather than with vague promises.

If you read a typical privacy policy, you’ll see language that goes something like this,

Google only shares personal information with other companies or individuals outside of Google in the following limited circumstances:…

We have a good faith belief that access, use, preservation or disclosure of such information is reasonably necessary to (a) satisfy any applicable law, regulation, legal process or enforceable governmental request

We think the datatrust needs to be do better than that. We want to know exactly what “enforceable government request” means.  We want to think creatively about what individual privacy rights mean when organizations are sharing information with each other. We’ve written up the aspects that seem most directly relevant to our project here, including 1) a quick overview of federal privacy law; 2) implications for data collectors today; and 3) implications for the datatrust.

We ultimately have more questions than answers.  But we definitely can’t assume we know everything there is to know.  Even at the Supreme Court, where the Justices seem to have some trouble understanding how pagers and text messages work, they understand that the world is changing quickly.  (See City of Ontario v. Quon.)  We all need to be asking questions together.

So take a look.  Let us know if there are issues we’re missing. What are some other questions we should be asking?

Yea or Nay: Track Taxis with GPS?

Wednesday, March 17th, 2010

We talk a lot on this blog about how tracking personal activities and collecting data can be extremely useful. We also talk about the need for better laws, regulations and shared social understanding of how such data should be collected, shared and used.

As part of our ongoing work to make sense of such a complicated and confusing set of issues, we’ll be collecting interesting “moral dilemmas” related to the issue of tracking human behaviors and posting them as a series of online polls. It’s an attempt to take a more “empirical,” case-by-case approach in an effort to keep high-level policy thinking rooted in reality.

If you come across something an interesting moral dilemma, please send them our way.

Without further ado, here’s the first poll:

Using G.P.S. technology installed in cabs, the (Taxi and Limousine) commission discovered more than 1.8 million trips where passengers were charged the higher rate.

Should we track taxis with GPS devices?

View Results

Loading ... Loading ...

Leaving bacterial “fingerprints” on digital devices.

Tuesday, March 16th, 2010

These knitted bacteria also happen to look like fingers.

We’re usually concerned with issues around leaving “digital” fingerprints (e.g. browsing behavior via cookies). But I couldn’t resist posting about new developments in using genetically specific bacterial traces to track your usage of digital devices (well really anything that retains bacteria.) Hmm, does this work on stainless steel?

Get Adobe Flash player