  From: Sverker K. Hogberg <skh2101@columbia.edu>
  To  : <CPC@emoglen.law.columbia.edu>
  Date: Tue, 15 Mar 2005 01:18:01 -0800

Paper One: Sandboxing Identity

<b>Sandboxing Identity</b>
Sverker Hogberg


Recent headlines about private companies aggregating ever-increasing amounts of
personal data have focused on the dangers of identity theft – break-ins into the servers
of respectable companies such as ChoicePoint by criminal hackers. The rallying cry has
therefore been for greater data security measures, more internet policing, and
restitution for afflicted citizens. <a href="#fn1">[1]</a> Yet the concern about identity theft obscures
the more serious danger posed by the absence of limits on the amount of personal data a
private entity can acquire, the period for which it can be stored, or the uses to which
it can be put. Most seriously, one of the primary constitutional safeguards against
government abuse of state power – the Fourth Amendment’s proscription of unreasonable
search and seizure – is being rapidly eviscerated by the mass collection and aggregation
of personal data by private entities. Government actors no longer need to resort to
“search and seizure” when they can simply purchase aggregated data, unencumbered by
Fourth Amendment restrictions, from companies like ChoicePoint.

<i>The Nature of Aggregated Data</i>
To many people this does not seem problematic since the data that ChoicePoint collects is
“public,” as opposed to the type of personal information garnered from searching a home.
Yet individual pieces of data, while insignificant in isolation, take on a vastly
different character when aggregated into a database with thousands of other facts, and
analyzed with sophisticated algorithms. When put together in this way, simple
information such as purchasing habits based on customer loyalty cards and geographical
data gleaned from in-car or cell-phone GPS receivers can be translated into a
comprehensive model of personal behavior. At this point, law enforcement no longer
needs, for instance, to search a home to find something they are looking for: They can
deduce its existence from the aggregated public data. In the world of high performance
computers and large data sets, “computational transparency” substitutes for the actual
transparency provided by direct searches. Ominously, this capability has begun to spur
federal police and spy agencies to pursue the dubious goal of wholesale crime prevention
through data profiling and prediction.

<i>Inadequacy of Non-Constitutional Limits</i>
The usual response to this concern is that private companies only have access to
information that people voluntarily disclose: If you do not want your purchasing habits
recorded, simply decline to use customer loyalty cards. However, this ignores the problem
of data sharing. One may not care whether Safeway records one’s weekly egg consumption,
yet care very much whether Safeway sells information concerning alcohol purchases to a car
insurance provider or cigarette purchases to health insurance providers.
Once information is collected, it is very difficult to keep it from being shared. As a
constitutional matter, companies possess the same First Amendment rights as individuals
to freely give away or sell information they possess, and the limits on this prerogative
are narrow. For instance, there is no general right to stop private investigators from
collecting and selling personal information or authors from writing unauthorized
biographies. <a href="#fn2">[2]</a> Private contracting is similarly ineffective at limiting sharing of
personal information. Contracts are generally written for the benefit of the drafter, who
is invariably the firm providing the good or service.

<i>Private Data in Government Hands</i>
The danger to democracy from the availability of these vast amounts of privately collected
data is not limited to government circumvention of the Fourth Amendment. For instance,
incumbent state legislators can currently purchase software programs that use demographic
data and voting records to gerrymander legislative districts or target “pliant” voters,
thereby guaranteeing reelection. <a href="#fn3">[3]</a> The effects of this on recent elections are
unmistakable. In the 2004 election, not one of the 153 congressional and legislative seats
in California changed parties and, more ominously, only five challengers defeated an
incumbent out of the 435 nationwide House of Representatives races. <a href="#fn4">[4]</a> As this
illustrates, privacy is not as much about the single shameful secret one wants to keep
hidden, but about being free from manipulation for the economic or political gain of
private companies and politicians.

<i>Constitutional Solution</i>
If it is futile to rely on contracting to limit private data collection and the
First Amendment curbs the ability to impose limits through legislation, what can be done
about this crisis? The most promising option is to enact a constitutional framework that
favors individuals’ ability to selectively maintain anonymity or, at the least,
pseudonymity. As long as individual pieces of personal data cannot be associated with
other related pieces of data, the most dangerous aspects of data aggregation can be avoided.
Such aggregation is usually accomplished by relating disparate data back to a (semi) unique
identifier such as a name or social-security number. Therefore, a constitutional
amendment that guarantees individuals the right to maintain and use pseudonyms – and
permutations of related unique identifiers – when contracting with private parties would
enable individuals to assert control over the use of their personal information. One
could effectively "sandbox" individual pseudonyms so that the data profile that attached
to them would not affect other pseudonyms or the individual as a whole.
More importantly, this would send a very strong signal to individuals that
protecting their privacy through the use of pseudonyms is not only legal, but a favored
constitutional defense against the government’s encroachment on civil liberties. To the
extent that millions of Americans have taken to heart the supposed liberty-promoting
function of the Second Amendment and the right to bear arms, it seems likely that a
constitutional amendment granting the right of pseudonymity will provide a similar spur to
the defense of civil liberties by Americans in the digital age.

<a name="fn1">[1]</a> See Terri Cullen, <i>Response to Consumer ID Theft Shows Firms Could Step Up Help</i>, The
Wall Street Journal, Mar. 15, 2005 at
http://online.wsj.com/public/article/0,,SB111039556618474877,00.html?mod=todays free feature

<a name="fn2">[2]</a> The Restatement (Third) of Unfair Competition §47 gives the example of an unauthorized
biography as an instance in which the author’s First Amendment rights trump the subject’s
right of publicity. More generally, the Supreme Court has held that newspapers have a
First Amendment right to publish “lawfully obtained, truthful information.” Smith v. Daily
Mail Pub. Co., 443 U.S. 97, 101 (1979).

<a name="fn3">[3]</a> See Sasha Abramsky, <i>The Redistricting Wars</i>, The Nation, Dec. 11, 2003, at
http://www.thenation.com/doc.mhtml?i=20031229&c=1&s=abramsky.

<a name="fn4">[4]</a> However, not all 435 races involved an incumbent. See Alan Abramowitz et al.,
<i>Governor’s Plan to Redraw the Political Map</i>, San Francisco Chronicle, Feb. 10, 2005, at
http://www.sfgate.com/cgi-bin/article.cgi?file=/chronicle/archive/2005/02/10/EDGH0B7VOC1.DTL.

-----------------------------------------------------------------
Computers, Privacy, and the Constitution mailing list


