Computers, Privacy & the Constitution

View   r5  >  r4  ...
KatiaBogomolovaFirstPaper 5 - 19 May 2021 - Main.KatiaBogomolova
Line: 1 to 1
 
META TOPICPARENT name="FirstPaper"
Line: 10 to 10
 "We didn't build the net with anonymity built in. That was a mistake." -Eben Moglen at re:publica, Berlin, May 2, 2012.
Changed:
<
<
In the current system, digital anonymity sounds like an oxymoron. Accessing the Web from nearly anywhere in the United States pre-supposes -- despite constitutional guarantees of privacy and protection against searches -- near total exposure. From technologies overtly aimed at removing individual privacy to more covert or removed data mining operations (through social networking sites and the like), a consumer's identity, once digitized, attaches to them immutably. In our ever more digitized society, it becomes increasingly difficult for consumers to say no to surveillance. However, existing and expanding public pressure may force corporate America to make room for privacy, albeit not full anonymity online. This paper explores the present systems that seek to enhance online consumer protections online, as well as where we can go from here.
>
>
In the current system, digital anonymity sounds like an oxymoron. Accessing the Web from nearly anywhere in the United States pre-supposes -- despite constitutional guarantees of privacy and protection against searches -- near total exposure. From technologies overtly aimed at removing individual privacy to more covert or removed data mining operations (through social networking sites and the like), a consumer's identity, once digitized, attaches to them immutably. In our ever more digitized society, it becomes increasingly difficult for consumers to say no to surveillance. However, existing and expanding public pressure may force corporate America to make room for privacy, albeit not full anonymity online. This paper explores the present legislation and corporate projects that seek to enhance online consumer protections online, as well as where we can go from here.
 
Changed:
<
<

Existing laws in the modern digital landscape

>
>

Existing and upcoming laws in the modern digital landscape

 
Changed:
<
<
When the California Consumer Privacy Act (CCPA) was enacted in 2018, it generated a mixed response., has been enacted to enhance consumer privacy protections. The CCPA gives consumers greater control over the information that businesses may collect about them, and how they use this information further. Among others, the Act gives the consumer the right to know what information the business is collecting, using and sharing, to delete collected personal information (with exceptions), to opt-out of the sale of this information to a third party, and to non-discrimination for exercising a right under this Act. This act marks a positive stride in the direction of greater privacy; an important one since the 2006 creation of The Payment Card Industry Security Standards Council (PCI SSC). The council, an independent project by American Express, Discover, JCB International, MasterCard? and Visa Inc. sets a standard for card encryption and security.
>
>
When the California Consumer Privacy Act (CCPA) was enacted in 2018, it generated a mixed response. The CCPA gives consumers greater control over the information that businesses may collect about them, as well as how this information may be used. Among others, the Act gave the consumer the right to know what information the business is collecting, using and sharing, to delete collected personal information (with exceptions), to opt-out of the sale of this information to a third party, and to non-discrimination for exercising a right under this Act. To some, the CCPA marked a significant stride in the direction of greater privacy; an important one since the 2006 creation of The Payment Card Industry Security Standards Council (PCI SSC). Others, however, had their doubts. Business periodicals and bloggers, alike, mused about the potential drawbacks of the CCPA, from driving up compliance costs enough to drive small and mid-size companies out of business, to potential unconstitutionality by way of the Commerce Clause. A third group of critics opined that the Act did not go far enough, but possessed the redeeming quality of potential to catalyze other states into advancing their own consumer privacy protections.
 
Changed:
<
<
Protection in the cloud: Several SCOTUS decisions limited the possibility of digital surveillance. Riley v. California perhaps made a dent in the unrestricted access to "private" information on the Web. In an arrest, the Court held, information found to be in the "cloud," i.e. accessible via phone but not inherently on it, cannot be considered "on the arrestee's person," To this end, the government is thus forbidden by the Fourth Amendment to engage in such a warrantless search (unless the government's interests are so compelling that a search would be reasonable). Also, the Court found in United States v. Jones and Carpenter v. United States that the use of GPS or cell phone signal triangulation to track a suspect without a warrant is unconstitutional. It follows, then, that using the Internet to keep tabs on a suspect's geographic location at all times may constitute a violation. Perhaps, as more specific cases arise, the Court may set the parameters of constitutional violation more clearly, as they pertain to the Internet.
>
>
Group three was correct. In February of this year, the Virginia Senate unanimously passed the Virginia Consumer Data Protection Act (VCDPA). As of March, both Florida and New York are considering similar legislation aimed at regulating data collection from consumers. California doubled down on its commitment to safeguard privacy by passing a new law to expand CCPA protections —— the California Privacy Rights Act (CPRA). Both the CPRA and VCDPA will be effective as of January 1, 2023. Although similar in intent and scope, the Virginia law differs from that of California, aligning more closely with the European Union’s General Data Protection Regulation (GDPR) in a few key ways. Notably, it does not stipulate a revenue threshold for VCDPA compliance. The Virginia Act also requires businesses to conduct data protection assessments and formulate data processing agreements to govern their consumer operations. There are, of course, tradeoffs between the protections offered by these two acts —— Virginia's provides on-paper protection within the scope of contract law, but leaves enforcement entirely up to the state Attorney General without providing consumers a private right of action (in a departure from the CCPA).
 
Changed:
<
<
Corporations, often motivated by intensive public opinion, are looking for ways to enhance privacy — or at the least, "privacy theatre" (the staging of privacy in some kind of space. For example, the cybersecurity department at Lowe's recently hired a specialized, chief privacy officer to work with the company's general counsel. With her oversight, the cybersecurity team's goal is to lock down corporate users with access to customer data, reducing this access significantly. Such action was compelled by the public and the state government of California, alike. The existence of the CCPA accelerated this process. Although it isn't perfect, new legislation and regulation can strengthen constitutional privacy protections enough to bring the concept of digital anonymity closer on the horizon.
>
>
It is clear, however, that the existence of this legislation has accelerate the push toward greater privacy protections around the country. The proposed New York bill combines the most protective elements of both the Virginia and California options, placing a fiduciary obligation on businesses that collect and use consumers' personal data. A fiduciary obligation necessarily would increase the legal standard that is applied to claims. According to NYPA §1102(1), the business has a duty to act in the best interest of the owner of its collected data, regardless of the effect on its own business operations. The bill also provides for a private right of action (per CA) and applies to business entities without a minimal revenue threshold (per VA).
 
Added:
>
>

Applying precedent to look forward and increase online privacy.

 
Added:
>
>
Perhaps future systems of protection can draw inspiration from SCOTUS's varied definitions of a "search" under the Fourth Amendment. By application, Riley v. California perhaps made a dent in the unrestricted access to "private" information on the Web. The Court held that in an arrest, information found to be in the "cloud," i.e. accessible via phone but not inherently on it, cannot be considered "on the arrestee's person." To this end, the government is forbidden from surveilling such information stored in the cloud (unless the government's interests are so compelling that a search would be reasonable). This decision relates to consumer privacy in a few ways: 1) The government, like for-profit corporations, is a self-interested entity where data collection is concerned. Efforts to curtail corporate access to private consumer data should be, at the least, matched by legislated protections against government usage of private information. 2) The limit set by Riley to the government's access to information in the cloud is already generating a ripple effect of enhanced privacy protections (such as new considerations for school administrators accessing students' phones, among other things). States can learn from some of these instances in legislative effective consumer protections.
 
Changed:
<
<
Why aren't these headings distributed through the text, where they would be useful to the reader. Collected here at the bottom they don't do much work....
>
>
Also, the Court found in United States v. Jones and Carpenter v. United States that the use of GPS or cell phone signal triangulation to track a suspect without a warrant is unconstitutional. It follows that the government, as an entity, cannot constitutionally keep tabs on a suspect's geographic location at all times may constitute a violation. Although applied differently in a civil context, as government surveillance of a suspect's location may result in a deprivation of liberty, states can look to the implications of this privacy violation to encode tangible protections against private actors committing the same. Perhaps, as more specific cases arise, the Court may set the parameters of constitutional violation more clearly, as they pertain to private businesses' use of consumer information.
 
Changed:
<
<

Is either possible in the modern digital landscape?

>
>

What are businesses and consumers doing? What else can be done?

Corporations, often motivated by intensive public opinion, are themselves looking for ways to enhance privacy — or at the least, "privacy theatre" (the staging of privacy in some kind of space). For example, the cybersecurity department at Lowe's recently hired a specialized, chief privacy officer to work with the company's general counsel. With her oversight, the cybersecurity team's goal is to lock down corporate users with access to customer data, reducing this access significantly. Such action was compelled by the public and the state government of California, alike. The existence of the CCPA (and upcoming legislation) accelerated this process.
 
Added:
>
>
Furthermore, a study by McKinsey? & Company revealed that consumers are exercising greater care in providing information to companies. Often, this extra caution may impede the revenue-generating business models on which companies have consistently relied. Advertising revenue, in particular, falls when businesses can no longer target consumers based on a wealth personal data. According to the study, individuals today feel most comfortable providing information to healthcare and financial services providers, but no industry has surpassed a trust rating of 50 percent; "Only about 10 percent of consumer respondents said that they trust consumer-packaged-goods or media and entertainment companies." As McKinsey? is a consultancy firm, it is incentivized to help businesses maneuver these trust issues and challenges for profit. However, the proliferation of new privacy laws around the country seems to suggest escalating public pressure to curtail excessive data collection and manipulation.
 
Changed:
<
<

Perhaps possible, but not probable.

>
>
Individuals are also trying to better arm themselves against privacy violations. The use of VPNs and systems such as FreedomBox? are aiding in this endeavor. At the least, there is greater awareness of data misuse, which is likely to inspire more universal security.
 
Changed:
<
<

What is being done to encourage or enhance either?

>
>

Conclusion

 
Added:
>
>
Although it isn't perfect, new legislation and regulation can strengthen privacy protections enough to bring the concept of true digital privacy closer on the horizon. As consumers grow increasingly wary of data misuse by private companies, California is paving the way for state legislators to (slowly) respond to their constituents' concerns.
 
Deleted:
<
<

By the government

 
Deleted:
<
<

By individuals/corporations

 
Deleted:
<
<

The Public Forum, with which We, the People, are One.

 
Deleted:
<
<

Limitations on the First Amendment

The government's normalization of Internet stalking

The draft's primary idea seems to be at odds with its material. I take the primary idea to be the desirability of basic consumer anonymity. That's not the same thing as web-tracking, and doesn't seem to have much role in consumer e-commerce, where the seller who ships goods to a consumer will usually know who is at the other end. Consumer anonymity is mostly about payment systems, which you discuss only glancingly. Supreme Court cases about warrantless digital searches are only tangentially relevant, because the information sellers acquire in the course of trade is subject to subpoena. This aspect of the problem is a little closer to the actual subject of this course, but you are not bound to write about it for that reason. More important to improvement is to isolate the real subject of your writing and to focus on it.

 
You are entitled to restrict access to your paper if you want to. But we all derive immense benefit from reading one another's work, and I hope you won't feel the need unless the subject matter is personal and its disclosure would be harmful or undesirable.

Revision 5r5 - 19 May 2021 - 23:45:56 - KatiaBogomolova
Revision 4r4 - 19 May 2021 - 21:56:20 - KatiaBogomolova
This site is powered by the TWiki collaboration platform.
All material on this collaboration platform is the property of the contributing authors.
All material marked as authored by Eben Moglen is available under the license terms CC-BY-SA version 4.
Syndicate this site RSSATOM