Law Technology News Editor-in-Chief Monica Bay began the LegalTech Keynote discussion "Privacy and Security" with a deceptively simple question for panelists: "Is privacy dead?" The resulting discussions addressed everything from cybersecurity to wearable biometric gadgets, suggesting just how complicated the answer to such a question might be.
Donna Payne, CEO of PayneGroup, described how her company has been working with privacy software since 1998, when it produced its first metadata removal tool. She has also had personal experience with privacy, having had problems with internet security herself, and having seen her friends struggle with it. She mentioned an incident in which her doctor asked her where a stalker might be getting information about her; within 10 minutes, Payne was able to find not only her doctor’s address and other personal details, but her social security number online. With more than 255 data brokers selling personal information online, Payne has made it her mission to help educate people about this industry: "It’s important that we know what is out there, and how to protect ourselves."
Lisa Soto is the managing partner of Hunton & Williams’ New York office, where she leads their global privacy and cybersecurity practices. She is an expert on HIPAA and other privacy laws, both U.S. and international, and drafts contracts concerning data, privacy and security. She has been working in this area since 2000, very close to its inception, and noted that the growth she has seen since that point has been "unbelievable"—it seemed unimaginable, then, that online privacy concerns would regularly be front-page news today.
Cullen Hoback directed the documentary Terms and Conditions May Apply, which explores online privacy and the legal and corporate cultures surrounding it. A documentarian with a background in film, Hoback said that his interest in the subject began with the iPhone in his pocket, and an interest in how such technology affected people’s relationships and communications. However, this soon developed into an exploration of much modern technology, for the first time, requires users to make legally binding agreements to do almost anything, including activities that formerly required no such contracts: from watching television and reading a book, users now using contract-laden services and tools such as Netflix and e-readers. What has really changed with this technology, he found, was that "we had lost our privacy," and Terms and Conditions May Apply derives from a desire to articulate and explore that loss.
Soto asserted that "Privacy is not dead. Privacy has changed. As we evolve as a society, as technology has evolved at an incredibly rapid pace, we have to adapt our thinking" in addressing it. She noted that law and lawmakers often lag behind current trends, but that when it comes to privacy and security, the rapid pace of change means that they are currently many steps behind. Soto specified that it was important to differentiate between privacy and security. Regarding privacy, a certain amount of certain information on individuals’ families has always been available to those willing to look for it, although pre-nternet obscurity often resulted in a de facto privacy.
Security concerns, on the other hand, have to do with a criminal population: hackers looking for financial gain through account fraud or identity theft; hacktivists, hacking for ideological missions; and nation-states or loosely affiliated terrorist groups engaging in cyberhacking for information on research and industry, including data on research and development, mergers and acquisitions, or trade secrets. She noted that our society is just beginning to tackle such concerns, citing President Obama’s reference to developing a cybersecurity framework in last year’s State of the Union address and in-development European Union cybersecurity directives as evidence of this new attention.
Hoback was more sympathetic to hacktivists, suggesting that most hacktivist groups are out to expose unethical operations and increase transparency, particularly targeting the opacity of the surveillance complex. He did note that many such groups contain members with various philosophies and ideologies toward their group goal, making it difficult to generalize about them. Hoback’s opinion was that privacy is not dead. "It can be resurrected." Granted, "It’s on life support—it’s not doing so well."
Looking ahead, Hoback said that "I think that the future is privacy. I think that where we’re heading is not necessarily using legislative mechanisms to bring privacy back," but rather using such mechanisms to protect citizens and consumers. He argued that it is our responsibility, as citizens, to "rein in the NSA" [National Security Agency], and he sees a future in innovation—new privacy tools, data decentralization, and in the conversations about privacy that have started to become more common. He added that this conversation should move away from an intense focus on "privacy" and towards the idea of "ownership": "our right to own our data, and access our data." Instead of corporations holding user data in a central repository, in the future users may be store to hold their own data in a personal cloud-based repository.
Payne agreed that "we should be able to access our data," see what information is being archived about us, and also control who can access to it. "I think we’re on the cusp of whether privacy is going to die or not": she acknowledged that no one reads terms and conditions on apps, for example, but that photo apps often contain geolocation tags. She suggested that "we have to become more aware" of what data is being collected about us, and what we are sharing. But, she acknowledged, "I’m torn on security," citing the Boston Bombing incident as a case where advanced security technologies had benefited everyone.
Soto brought up historical and national contexts for some of these privacy and security concerns, noting that Europe’s recent history of personal-information-driven persecution from government has resulted in a different attitude toward privacy. While Americans tend to think of privacy as a consumer protection issue, Europeans see it as a "fundamental human right," language that is built into the constitution of their privacy laws. She noted that many other countries have adopted or on the verge of adopting a European-style privacy legislation.
No comments:
Post a Comment