Obama Faces Major Online Privacy Test

CNET has a piece on the prospects for an initiative to revamp privacy law for the digital age being put forward by an unlikely coalition that includes Microsoft, Google, privacy advocates, and conservative and libertarian organizations. "When Barack Obama was campaigning for the presidency in 2008, he promised that as president, he would 'strengthen privacy protections for the digital age.' That pledge will be put to the test as the Obama administration considers whether to support a new privacy proposal released by a coalition including Google, eBay, Microsoft, AT&T, the ACLU, and Americans for Tax Reform... The [so-called] Digital Due Process coalition already has met with attorneys from the Justice Department's computer crime unit, White House attorneys, FBI representatives, and Commerce Department officials... the law enforcement meetings were 'respectful' and 'substantive.'"

Their priciples

[beakerMeep]

From the coalition's website:

----

1. The government should obtain a search warrant based on probable cause before it can compel a service provider to disclose a user’s private communications or documents stored online.

• This principle applies the safeguards that the law has traditionally provided for the privacy of our phone calls or the physical files we store in our homes to private communications, documents and other private user content stored in or transmitted through the Internet "cloud"-- private emails, instant messages, text messages, word processing documents and spreadsheets, photos, Internet search queries and private posts made over social networks.
• This change was first proposed in bi-partisan legislation introduced in 1998 by Senators John Ashcroft and Patrick Leahy. It is consistent with recent appeals court decisions holding that emails and SMS text messages stored by communications providers are protected by the Fourth Amendment, and is also consistent with the latest legal scholarship on the issue.

2. The government should obtain a search warrant based on probable cause before it can track, prospectively or retrospectively, the location of a cell phone or other mobile communications device.

• This principle addresses the treatment of the growing quantity and quality of data based on the location of cell phones, laptops and other mobile devices, which is currently the subject of conflicting court decisions; it proposes the conclusion reached by a majority of the courts that a search warrant is required for real-time cell phone tracking, and would apply the same standard to access to stored location data.
• A warrant for mobile location information was first proposed in 1998 as part of the bipartisan Ashcroft-Leahy bill. It was approved 20 to 1 by the House Judiciary Committee in 2000.

3.Before obtaining transactional data in real time about when and with whom an individual communicates using email, instant messaging, text messaging, the telephone or any other communications technology, the government should demonstrate to a court that such data is relevant to an authorized criminal investigation.

• In 2001, the law governing "pen registers and trap & trace devices" - technologies used to obtain transactional data in real time about when and with whom individuals communicate over the phone - was expanded to also allow monitoring of communications made over the Internet. In particular, the data at issue includes information on who individuals email with, who individuals IM with, who individuals send text messages to, and the Internet Protocol addresses of the Internet sites individuals visit.
• This principle would update the law to reflect modern technology by establishing judicial review of surveillance requests for this data based on a factual showing of reasonable grounds to believe that the information sought is relevant to a crime being investigated.

4.Before obtaining transactional data about multiple unidentified users of communications or other online services when trying to track down a suspect, the government should first demonstrate to a court that the data is needed for its criminal investigation.

• This principle addresses the circumstance when the government uses subpoenas to get information in bulk about broad categories of telephone or Internet users, rather than seeking the records of specific individuals that are relevant to an investigation. For example, there have been reported cases of bulk requests for information about everyone that visited a particular web site on a particular day, or everyone that used the Internet to sell products in a particular jurisdiction.
• Because such bulk requests for information on c

A good step forward, but...

[sloanesky]

The fact that a handful of these corporations are anywhere near privacy reform legislation makes me nervous. I think a quote from a NY Times article explains why.

...AT&T, Google and Microsoft, and advocacy groups from across the political spectrum said Tuesday that it would push Congress to strengthen online privacy laws to protect private digital information from government access.

They want to protect our information from the government, but what about themselves? Some of their very business models depends on people giving their information to the company (Google). Such a coalition is not likely to recommend privacy laws that also apply to their own corporations, so any privacy reform spearheaded by these members will be incomplete and potentially damaging.

On their principles page they only make mention of limiting the government's access to information, and don't even reference anything about corporations. While I applaud their attempt to limit government access to our private information, their (understandable) bias in favor of their corporate needs kind of limits this effort in my opinion. I am more concerned about the amount of data that google and other such companies have about me at this point.

Any privacy legislation needs to restrict the amount and kinds of information these companies can collect about us in order to really protect privacy on the internet, since the internet is really more the domain of corporations than the federal government.

Re:A good step forward, but...

[sloanesky]

Here on slashdot most of us are aware of the information that the corporations are collecting on us (to some degree) and we have the means to limit this through our internet experience. Most of the people who are new to the internet don't know know about google's extensive data collection, they have no idea how much of their information is being collected by marketing companies, they don't know that it is being indexed by other sites and that even if they delete it there is a good chance it is stored somewhere. They are simply incapable of the informed consent required to "volunteer" such information.

The companies who are collecting data aren't informing you that they are doing it, they aren't telling you what it will be used for, and you rarely have a chance to challenge it. It might be hidden in their EULA or Terms of Service, but those are often written in legalese and in such length that a vast majority of people just check the box and accept it. I do it myself, and I do care about what information is being collected about me. I personally know what is going on behind the scenes, but how can one expect the grandmother who logs into facebook to play farmville and interact with her family to?

The government can compel you to give up information sure, but at least you are aware of what information is being collected and why you are being compelled to furnish it. Your point about the government being able to compel others to give up your information against your will is spot on, and I feel that a lot of the ideas proposed by this coalition are actually good in protecting us from the government. Just incomplete since we also need to have tougher privacy laws in regard to corporations too.

And sadly you are correct about the difficulty in getting such legislation passed. The lack of knowledge about how much data is really being collected about people online among the general public is one of the root causes of this whole mess. If people knew about what was going on, and what they could do to prevent it, such legislation would probably be pointless. Unfortunately that is just a dream at this point, as people who don't know enough about computers and the internet to protect themselves keep flooding onto the internet.