Law in the Internet Society

View   r6  >  r5  >  r4  >  r3  >  r2  >  r1
PatricioMartinezLlompartSecondEssay 6 - 21 Feb 2017 - Main.PatricioMartinezLlompart
Line: 1 to 1
 
META TOPICPARENT name="SecondEssay"

Privacy Federalism

Line: 6 to 6
 Call it “progressive federalism” or “state rights for the left,” the future of liberal criminal justice, immigration, and climate change policy may rest with local politicians willing to contest the Trump Administration on its legislative and administrative priorities. The local is also an important arena in which to mediate and consider the fate of privacy in the digital age.
Changed:
<
<
Contra the federal executive’s and judiciary’s minimal efforts to protect digital privacy, in recent years, states have taken measures of varying degrees to safeguard personal privacy as the Net’s behavior-collection capabilities increased. Our historical moment makes the role of subnational governments as laboratories for political and legislative action of this sort only more urgent. But enthusiasm for the privacy protections that may arise subnationally must be qualified. With notable exceptions, the reach of current state privacy laws seems insufficient, and the most ambitious protections face potential constitutional challenges.
>
>
Contra the federal executive’s and judiciary’s minimal efforts to protect digital privacy, in recent years, states have taken measures of varying degrees to safeguard personal privacy as the Net’s behavior-collection capabilities increased. Our historical moment makes the role of subnational governments as laboratories for political and legislative action of this sort only more urgent. But enthusiasm for the privacy protections that may arise subnationally must be qualified. With notable exceptions, the reach of current state privacy laws seems insufficient, and the most ambitious protections face potential constitutional challenges.
 
Changed:
<
<

Contours of State and Local Action

>
>

Contours of Subnational Action

 In 2003 California pioneered a data breach notification law that requires both private and public organizations to notify consumers if their unencrypted personal data is acquired by unauthorized persons. Similar statutes have been adopted in almost every other state.
Changed:
<
<
California was also first to mandate via legislation that commercial websites and online services publish a privacy policy. The California Online Privacy Protection Act applies to mobile applications and was amended in 2013 to require disclosures by websites and other online services that monitor user activity to build profiles of [user] behavior and interests.” Most recently, twenty-five states have legislated to disable employers from demanding access credentials to their employees’ personal social media accounts as a condition of employment. More than a dozen states have adopted similar bills to protect student social media accounts from unwarranted access by their academic institutions.
>
>
California was also first to mandate via legislation that commercial websites and online services publish a privacy policy. The California Online Privacy Protection Act applies to mobile applications and was amended in 2013 to require disclosures by websites and other online services that monitor user activity "to build profiles of [user] behavior and interests.” Most recently, twenty-five states have legislated to bar employers from demanding access to their employees’ social media accounts as a condition of employment. More than a dozen states have adopted similar bills to protect student social media accounts from unwarranted access by their academic institutions.
 
Changed:
<
<
Nonetheless, perhaps the high watermark of subnational privacy lawmaking are the statutes that regulate corporate collection and retention of user biometrics—or attributes like fingerprints, retina scans, and facial geometry that can be used to identify a person. Biometric identifiers have become pervasive in the private sector. Financial institutions increasingly use biometric data to authenticate consumers’ identities, whereas social media networks employ biometrics in their photo tagging applications. Unlike replaceable identifiers such as social security numbers, breaches of biometric data may compromise a person’s identity for her lifetime.
>
>
Nonetheless, perhaps the high watermark of subnational privacy lawmaking are the statutes that regulate corporate collection and retention of biometrics—or attributes like fingerprints, retina scans, and facial geometry that can be used to identify a person. Biometric identifiers have become pervasive in the private sector. Financial institutions increasingly use biometric data to authenticate consumer identities, whereas social media networks employ biometrics in their photo tagging applications. Unlike replaceable identifiers such as social security numbers, breaches of biometric data may compromise a person’s identity for a lifetime.
 
Changed:
<
<
Illinois became the first state to legislate comprehensive biometric data protections, imposing stringent notice and consent requirements on companies that handle such information. Since 2008, the Illinois Biometric Information Privacy Act (BIPA) (1) requires businesses to obtain affirmative, informed consent before collecting biometrics; (2) prohibits the sale of biometric data; (3) mandates the creation of retention guidelines for the data; and (4) allows a private right of action for individuals harmed by violations of the act. Texas is the only other state to have enacted similar legislation, although it permits companies to sell biometric data under certain circumstances and does not create a private right of action.
>
>
Illinois became the first state to institute comprehensive biometric data protections, imposing stringent notice and consent requirements on companies that handle such information. Since 2008, the Illinois Biometric Information Privacy Act (BIPA) (1) requires businesses to obtain affirmative, informed consent before collecting biometrics; (2) prohibits the sale of biometric data; (3) mandates the creation of data retention guidelines; and (4) allows a private right of action for individuals harmed by violations of the act. Texas is the only other state to have enacted similar legislation, although it permits companies to sell biometric data under certain circumstances and does not create a private right of action.
 

Is Federalism Salvation?

Changed:
<
<
It is unlikely existing federal law preempts state-level biometric regulation. Paul Schwartz observes most federal statutes mandating privacy guidelines for particular industries only set a floor, or basic threshold of protection, that states may well exceed. But the ultimate viability of state biometric statutes may hinge on whether they impose an undue burden on interstate commerce and/or conflict with the “Dormant” Commerce Clause. Generally, state regulation that affects interstate commerce is constitutional if it advances a legitimate local public interest and its “burden…on such commerce is not excessive in relation to putative local benefits.” A state law, however, may be unconstitutional when it conflicts with “dormant” interstate commerce. While states can regulate their local affairs in ways that affect interstate commerce “as long as they do not impermissibly trespass upon national interests,” the absence of federal regulation may indicate Congress wants a particular issue to remain unregulated, for which state laws to the contrary could be unconstitutional.
>
>
It is unlikely existing federal law preempts state-level biometric regulation. Paul Schwartz observes most federal statutes mandating privacy guidelines for particular industries only set a floor, or basic threshold of protection, that states can well exceed. But the success of state biometric statutes may ultimately hinge on whether they impose an undue burden on interstate commerce and/or clash with the “Dormant” Commerce Clause. Generally, state regulation that affects interstate commerce is constitutional if it advances a legitimate local public interest and its “burden…on such commerce is not excessive in relation to putative local benefits.” A state law, however, may be unconstitutional when it conflicts with “dormant” interstate commerce. While states can regulate their local affairs in ways that affect interstate commerce “as long as they do not impermissibly trespass upon national interests,” the absence of federal regulation could reflect congressional desire that a particular issue remain unregulated, making state laws to the contrary constitutionally vulnerable.
 
Changed:
<
<
Faced with a Commerce Clause challenge, Illinois and other states that adopt expansive biometrics regulations are likely to assert they have legitimate interest in creating statutory safeguards for their citizens’ identities and personal information in the digital age. In turn, affected interstate market actors would maintain the burden of state-specific biometrics regulations on their businesses transcends an “intangible,” governmental interest in the protection of individual privacy. For example, social media or photo-sharing platforms that employ biometric tools as a default would have to locate residents of BIPA states and provide them with an opportunity to provide affirmative consent. This, the companies would argue, translates into higher design and engineering costs just to engage in business within BIPA states—the sort of burden on interstate commerce the Supreme Court rejected in Pike and South Pacific Co. v. Arizona as excessive in relation to a countervailing local public interest. Facebook recently counterclaimed a similar argument in its active litigation with a class of Illinois residents who allege the network’s “opt in” face-recognition photo tagging system violates BIPA. Companies could also contend BIPA violates dormant commerce on grounds that a patchwork of state-level biometric regulations clashes with a presumptive federal interest in national uniformity with regards to privacy law.
>
>
Faced with a Commerce Clause challenge, Illinois and other states that adopt expansive biometrics regulations are likely to assert they have a legitimate interest in creating statutory safeguards for their citizens’ identities and personal information in the digital age. In turn, affected interstate market actors would maintain the burden of state-specific biometric regulation on their businesses transcends an “intangible,” governmental interest in the protection of individual privacy. For example, social media or photo-sharing platforms that employ biometric tools as a default would have to locate residents of BIPA states and provide them with an opportunity to provide affirmative consent. This, the companies would argue, translates into higher design and engineering costs just to engage in business within BIPA jurisdictions—the sort of burden on interstate commerce the Supreme Court rejected in Pike and South Pacific Co. v. Arizona as excessive in relation to a countervailing local public interest. Facebook recently pleaded a similar argument in its active litigation with a class of Illinois residents who allege the network’s “opt in” face-recognition photo tagging system violates BIPA. Companies could also contend BIPA violates dormant commerce on grounds that a patchwork of state-level biometric regulations clashes with a presumptive federal interest in national uniformity with regards to privacy law.
 

Salvation is Individual

Changed:
<
<
Most states have yet to limit the ability of online service providers to profit off our digital lives. Disclosure mandates are insufficient if corporations act legally when they aggregate and package our behavior for sale. But despite the observable limits of current attempts at lawmaking, short-term legislative or legal innovations to protect digital privacy are likely to stem from this subnational scene. Local public officials across the partisan spectrum have demonstrated their willingness to talk privacy and grapple with the implications of its erosion in the digital era. Since the beginning of 2017, the legislatures of four states—Alaska, Connecticut, New Hampshire, and Washington—have introduced bills to regulate biometric data modeled after Illinois’ BIPA. It’s on us to mobilize and advocate for more. Only then the promise of a right that enshrines privacy as a robust triad of secrecy, anonymity, and autonomy will no longer be elusive.
>
>
Most states have yet to limit online service providers' capacity to profit off our digital lives. Disclosure mandates are insufficient if corporations act legally when they aggregate and package our behavior for sale. But despite the observable limits of current attempts at lawmaking, short-term legislative or legal innovations to protect digital privacy are likely to stem from this subnational scene. Local public officials across the partisan spectrum have demonstrated their willingness to talk privacy and grapple with the implications of its erosion in the digital era. Since the beginning of 2017, the legislatures of four states—Alaska, Connecticut, New Hampshire, and Washington—have introduced bills to regulate biometric data modeled after Illinois’ BIPA. It’s on us to mobilize and advocate for more. Only then will the promise of a right that enshrines privacy as a robust triad of secrecy, anonymity, and autonomy no longer be elusive.
 

\ No newline at end of file


PatricioMartinezLlompartSecondEssay 5 - 21 Feb 2017 - Main.PatricioMartinezLlompart
Line: 1 to 1
 
META TOPICPARENT name="SecondEssay"

Privacy Federalism

-- By PatricioMartinezLlompart - 10 Dec 2016

Changed:
<
<
City and state governments are emboldened to drive progressive policymaking nationwide as Republicans regain absolute control of the federal government. Whether we call it “progressive federalism” or “state rights for the left,” the future of liberal criminal justice, immigration, and climate change policy may rest with local politicians willing to contest the Trump Administration on its legislative and administrative priorities. The local is also an important arena in which to mediate, defend, and consider the fate of our privacy in the digital age.
>
>
Call it “progressive federalism” or “state rights for the left,” the future of liberal criminal justice, immigration, and climate change policy may rest with local politicians willing to contest the Trump Administration on its legislative and administrative priorities. The local is also an important arena in which to mediate and consider the fate of privacy in the digital age.
 
Changed:
<
<
Contra the federal executive’s and judiciary’s minimal efforts to protect digital privacy, in recent years, states and cities have taken measures of varying degrees to safeguard personal privacy as the Net’s behavior-collection capabilities became more far reaching. Our current historical moment makes the role of subnational governments as laboratories for political and legislative action of this sort only more urgent. But whatever enthusiasm for the potential privacy protections that may arise subnationally must be qualified. The reach of current state privacy laws seems insufficient and the arms-race for “smart cities” is positioned to turn our urban environs into massive behavior-collection machines.
>
>
Contra the federal executive’s and judiciary’s minimal efforts to protect digital privacy, in recent years, states have taken measures of varying degrees to safeguard personal privacy as the Net’s behavior-collection capabilities increased. Our historical moment makes the role of subnational governments as laboratories for political and legislative action of this sort only more urgent. But enthusiasm for the privacy protections that may arise subnationally must be qualified. With notable exceptions, the reach of current state privacy laws seems insufficient, and the most ambitious protections face potential constitutional challenges.
 
Deleted:
<
<

Contours of State and Local Action

Legislation

 
Changed:
<
<
Proposals for a Consumer Privacy Bill of Rights and an updated Electronic Communications Privacy Act stall in Washington DC. Meanwhile, in Texas, state politicians acknowledge their constituents are “increasingly wary their lives are no lomger going to be their own.” States ranging from California to Oklahoma have passed privacy laws to protect individual information in a variety of contexts. Many of these laws were enacted in response to citizen demands after Snowden’s 2013 revelations of the federal government’s mass surveillance program.
>
>

Contours of State and Local Action

 In 2003 California pioneered a data breach notification law that requires both private and public organizations to notify consumers if their unencrypted personal data is acquired by unauthorized persons. Similar statutes have been adopted in almost every other state.
Changed:
<
<
California was also first to mandate via legislation that commercial websites and online services publish a privacy policy. The California Online Privacy Protection Act applies to mobile applications and was amended in 2013 to require disclosures by websites and other online services that monitor user activity to build profiles of [user] behavior and interests.”

Most recently, twenty-five states have legislated to disable employers from demanding access credentials to their employees’ personal social media accounts as a condition of employment. More than a dozen states have adopted similar bills to protect student social media accounts from unwarranted access by their academic institutions.

Enforcement and Administration

>
>
California was also first to mandate via legislation that commercial websites and online services publish a privacy policy. The California Online Privacy Protection Act applies to mobile applications and was amended in 2013 to require disclosures by websites and other online services that monitor user activity to build profiles of [user] behavior and interests.” Most recently, twenty-five states have legislated to disable employers from demanding access credentials to their employees’ personal social media accounts as a condition of employment. More than a dozen states have adopted similar bills to protect student social media accounts from unwarranted access by their academic institutions.
 
Changed:
<
<
Beyond its provisions, the teeth of subnational privacy law is in its enforcement and administration by the pertinent government authorities.
>
>
Nonetheless, perhaps the high watermark of subnational privacy lawmaking are the statutes that regulate corporate collection and retention of user biometrics—or attributes like fingerprints, retina scans, and facial geometry that can be used to identify a person. Biometric identifiers have become pervasive in the private sector. Financial institutions increasingly use biometric data to authenticate consumers’ identities, whereas social media networks employ biometrics in their photo tagging applications. Unlike replaceable identifiers such as social security numbers, breaches of biometric data may compromise a person’s identity for her lifetime.
 
Changed:
<
<
State attorney generals are front and center to making privacy legislation more than a gimmick. In 2013, Google settled a case filed by 38 states alleging privacy violations through Google's Street View project; the company admitted to collecting passwords, email, and other personal user information. Also in 2013, Google entered into a $17 million settlement with 37 states plus the District of Columbia for bypassing Safari’s default privacy settings and enabling undisclosed third-party user surveillance.

Perhaps in the clearest preview of imminent local-federal clashes, Mayor de Blasio recently announced the municipal government will shield data of undocumented immigrants participating in idNYC from the feds. The program was created, in part, to provide undocumented immigrants residing in New York with a formal identification card. The Human Resources Administration manages the initiative and retains the right to destroy records relating to proof of identity or residency of ID solicitants, per the program’s 2014 enacting legislation.

>
>
Illinois became the first state to legislate comprehensive biometric data protections, imposing stringent notice and consent requirements on companies that handle such information. Since 2008, the Illinois Biometric Information Privacy Act (BIPA) (1) requires businesses to obtain affirmative, informed consent before collecting biometrics; (2) prohibits the sale of biometric data; (3) mandates the creation of retention guidelines for the data; and (4) allows a private right of action for individuals harmed by violations of the act. Texas is the only other state to have enacted similar legislation, although it permits companies to sell biometric data under certain circumstances and does not create a private right of action.
 

Is Federalism Salvation?

Changed:
<
<
State and local action to counter the lessening of our privacy in the digital age is commendable given the federal government’s unwillingness to act. From the brief overview of legislation and enforcement actions outlined above, however, it is clear state and local authorities have yet to substantially limit online service providers’ ability to profiteer off our digital lives, the fundamental unfreedom and injustice of the Net society.

Disclosure does not equate protection. As long as they announce they're collecting it, service providers still act under the law when they collect our behavior and sell it like they please. Disclosing they are collecting, but still allowing them to collect and surveil, is not enough if we envision privacy as a robust triad of secrecy, anonymity, and autonomy. And even if we just hope for compliance with the current regulatory regime’s restrained reach, $7 and $17 million settlements seem meager deterrents for service providers like Facebook and Google.

>
>
It is unlikely existing federal law preempts state-level biometric regulation. Paul Schwartz observes most federal statutes mandating privacy guidelines for particular industries only set a floor, or basic threshold of protection, that states may well exceed. But the ultimate viability of state biometric statutes may hinge on whether they impose an undue burden on interstate commerce and/or conflict with the “Dormant” Commerce Clause. Generally, state regulation that affects interstate commerce is constitutional if it advances a legitimate local public interest and its “burden…on such commerce is not excessive in relation to putative local benefits.” A state law, however, may be unconstitutional when it conflicts with “dormant” interstate commerce. While states can regulate their local affairs in ways that affect interstate commerce “as long as they do not impermissibly trespass upon national interests,” the absence of federal regulation may indicate Congress wants a particular issue to remain unregulated, for which state laws to the contrary could be unconstitutional.
 
Changed:
<
<
Moreover, local leaders’ public statement announcing they will stand off federal officials who attempt to intrude upon the privacy of their urban denizens conflicts with their willingness to embrace the smart city gospel. Making city services more efficient and user-accessible should certainly be a priority for any municipal administration. But is installing cameras and censors in every corner—creating a “total information awareness scheme”—the answer to that? If we don’t like our city’s privacy policy, do we have the ability to opt out?
>
>
Faced with a Commerce Clause challenge, Illinois and other states that adopt expansive biometrics regulations are likely to assert they have legitimate interest in creating statutory safeguards for their citizens’ identities and personal information in the digital age. In turn, affected interstate market actors would maintain the burden of state-specific biometrics regulations on their businesses transcends an “intangible,” governmental interest in the protection of individual privacy. For example, social media or photo-sharing platforms that employ biometric tools as a default would have to locate residents of BIPA states and provide them with an opportunity to provide affirmative consent. This, the companies would argue, translates into higher design and engineering costs just to engage in business within BIPA states—the sort of burden on interstate commerce the Supreme Court rejected in Pike and South Pacific Co. v. Arizona as excessive in relation to a countervailing local public interest. Facebook recently counterclaimed a similar argument in its active litigation with a class of Illinois residents who allege the network’s “opt in” face-recognition photo tagging system violates BIPA. Companies could also contend BIPA violates dormant commerce on grounds that a patchwork of state-level biometric regulations clashes with a presumptive federal interest in national uniformity with regards to privacy law.
 

Salvation is Individual

Changed:
<
<
Despite the observable limits of current attempts at state and local privacy lawmaking, in the near future, further legislative or legal innovations to protect our digital privacy are likely to stem from this subnational scene. Local public officials across the partisan spectrum have demonstrated their willingness to talk privacy and grapple with the implications of its erosion in the digital era. It’s on us to mobilize and advocate for better. A potential first step: Demanding legislation that bans the sale and requires the deletion of metrics collected through smart city infrastructure. We may not be able to opt out from our city’s surveillance apparatus, but we are still free to opt into our political process and demand action.

It would have been useful to provide examples of the state-level legislation (in the area of biometrics, for example) so that the reader could understand both what might be undertaken, at what conceptual levels, and what the likelihood is of preemption, in the interest of what will genuinely be a growing burden on interstate commerce. Taxation will be a reasonably good guide to go by, in this area, won't it? Or why?

>
>
Most states have yet to limit the ability of online service providers to profit off our digital lives. Disclosure mandates are insufficient if corporations act legally when they aggregate and package our behavior for sale. But despite the observable limits of current attempts at lawmaking, short-term legislative or legal innovations to protect digital privacy are likely to stem from this subnational scene. Local public officials across the partisan spectrum have demonstrated their willingness to talk privacy and grapple with the implications of its erosion in the digital era. Since the beginning of 2017, the legislatures of four states—Alaska, Connecticut, New Hampshire, and Washington—have introduced bills to regulate biometric data modeled after Illinois’ BIPA. It’s on us to mobilize and advocate for more. Only then the promise of a right that enshrines privacy as a robust triad of secrecy, anonymity, and autonomy will no longer be elusive.
 
Deleted:
<
<
  \ No newline at end of file

PatricioMartinezLlompartSecondEssay 4 - 12 Feb 2017 - Main.EbenMoglen
Line: 1 to 1
 
META TOPICPARENT name="SecondEssay"

Privacy Federalism

Line: 39 to 39
 Despite the observable limits of current attempts at state and local privacy lawmaking, in the near future, further legislative or legal innovations to protect our digital privacy are likely to stem from this subnational scene. Local public officials across the partisan spectrum have demonstrated their willingness to talk privacy and grapple with the implications of its erosion in the digital era. It’s on us to mobilize and advocate for better. A potential first step: Demanding legislation that bans the sale and requires the deletion of metrics collected through smart city infrastructure. We may not be able to opt out from our city’s surveillance apparatus, but we are still free to opt into our political process and demand action.
Deleted:
<
<

You are entitled to restrict access to your paper if you want to. But we all derive immense benefit from reading one another's work, and I hope you won't feel the need unless the subject matter is personal and its disclosure would be harmful or undesirable. To restrict access to your paper simply delete the "#" character on the next two lines:
 
Changed:
<
<
>
>

It would have been useful to provide examples of the state-level legislation (in the area of biometrics, for example) so that the reader could understand both what might be undertaken, at what conceptual levels, and what the likelihood is of preemption, in the interest of what will genuinely be a growing burden on interstate commerce. Taxation will be a reasonably good guide to go by, in this area, won't it? Or why?

 
Deleted:
<
<
Note: TWiki has strict formatting rules for preference declarations. Make sure you preserve the three spaces, asterisk, and extra space at the beginning of these lines. If you wish to give access to any other users simply add them to the comma separated ALLOWTOPICVIEW list.
 \ No newline at end of file

PatricioMartinezLlompartSecondEssay 3 - 13 Jan 2017 - Main.PatricioMartinezLlompart
Line: 1 to 1
 
META TOPICPARENT name="SecondEssay"

Privacy Federalism

-- By PatricioMartinezLlompart - 10 Dec 2016

Changed:
<
<
City and state governments are emboldened to take the lead on progressive policymaking nationwide as Republicans regain absolute control of the federal government. Whether we call it “progressive federalism” or “state rights for the left,” the future of liberal criminal justice, immigration, and climate change policy may rest with local politicians willing to contest the Trump Administration on its legislative and administrative priorities. The local is also an important arena in which to mediate, defend, and consider the fate of our right to privacy in the digital age.
>
>
City and state governments are emboldened to drive progressive policymaking nationwide as Republicans regain absolute control of the federal government. Whether we call it “progressive federalism” or “state rights for the left,” the future of liberal criminal justice, immigration, and climate change policy may rest with local politicians willing to contest the Trump Administration on its legislative and administrative priorities. The local is also an important arena in which to mediate, defend, and consider the fate of our privacy in the digital age.
 
Changed:
<
<
Contra the federal executive’s and judiciary’s minimal efforts to protect digital privacy, in recent years, states and cities have taken measures of varying sorts to safeguard privacy as the Net’s behavior-collection capabilities became more far reaching. Our current historical moment makes the role of subnational governments as laboratories for political and legislative action of this sort only more urgent. But whatever enthusiasm for the potential privacy protections that may arise subnationally must be qualified. The reach of current state privacy laws seems insufficient and the arms-race for “smart cities” is positioned to turn our urban environs into massive behavior-collection machines.
>
>
Contra the federal executive’s and judiciary’s minimal efforts to protect digital privacy, in recent years, states and cities have taken measures of varying degrees to safeguard personal privacy as the Net’s behavior-collection capabilities became more far reaching. Our current historical moment makes the role of subnational governments as laboratories for political and legislative action of this sort only more urgent. But whatever enthusiasm for the potential privacy protections that may arise subnationally must be qualified. The reach of current state privacy laws seems insufficient and the arms-race for “smart cities” is positioned to turn our urban environs into massive behavior-collection machines.
 

Contours of State and Local Action

Legislation

Changed:
<
<
Proposals for a Consumer Privacy Bill of Rights and an updated Electronic Communications Privacy Act stall in Washington DC. Meanwhile, in Texas, state politicians acknowledge their constituents are “increasingly wary that their lives are going to be no longer their own.” States ranging from California to Oklahoma have passed different privacy laws to protect individual information in a variety of contexts. Many of these laws were enacted in response to citizen demands after Snowden’s 2013 revelations of the federal government’s mass surveillance program.
>
>
Proposals for a Consumer Privacy Bill of Rights and an updated Electronic Communications Privacy Act stall in Washington DC. Meanwhile, in Texas, state politicians acknowledge their constituents are “increasingly wary their lives are no lomger going to be their own.” States ranging from California to Oklahoma have passed privacy laws to protect individual information in a variety of contexts. Many of these laws were enacted in response to citizen demands after Snowden’s 2013 revelations of the federal government’s mass surveillance program.
 
Changed:
<
<
In 2003 California pioneered a data breach notification law that requires both private and public organizations to inform users if their data is breached or stolen. Similar statutes have been adopted in almost every other state. California was also the first state to mandate via legislation that commercial websites and online services publish a privacy policy. The California Online Privacy Protection Act applies to mobile applications and was amended in 2013 to also require disclosures by websites and other online services that monitor user activities in the Net “to build a profile of [user] behavior and interests.”
>
>
In 2003 California pioneered a data breach notification law that requires both private and public organizations to notify consumers if their unencrypted personal data is acquired by unauthorized persons. Similar statutes have been adopted in almost every other state. California was also first to mandate via legislation that commercial websites and online services publish a privacy policy. The California Online Privacy Protection Act applies to mobile applications and was amended in 2013 to require disclosures by websites and other online services that monitor user activity to build profiles of [user] behavior and interests.”
 Most recently, twenty-five states have legislated to disable employers from demanding access credentials to their employees’ personal social media accounts as a condition of employment. More than a dozen states have adopted similar bills to protect student social media accounts from unwarranted access by their academic institutions.

Enforcement and Administration

Changed:
<
<
Beyond its provisions, the teeth of subnational privacy law lie in its enforcement and administration by the pertinent government authorities.
>
>
Beyond its provisions, the teeth of subnational privacy law is in its enforcement and administration by the pertinent government authorities.
 
Changed:
<
<
State attorney generals are front and center to making privacy legislation more than a gimmick. In 2013, Google settled a case filed by 38 states for violations of people’s privacy through its Street View project; the company admitted to collecting passwords, email, and other personal user information. Also in 2013, Google entered into a $17 million settlement with 37 states plus the District of Columbia for bypassing Safari’s default privacy settings and enabling undisclosed third-party user surveillance.
>
>
State attorney generals are front and center to making privacy legislation more than a gimmick. In 2013, Google settled a case filed by 38 states alleging privacy violations through Google's Street View project; the company admitted to collecting passwords, email, and other personal user information. Also in 2013, Google entered into a $17 million settlement with 37 states plus the District of Columbia for bypassing Safari’s default privacy settings and enabling undisclosed third-party user surveillance.
 
Changed:
<
<
Perhaps in the clearest preview of imminent local-federal confrontations, Mayor de Blasio recently announced the municipal government will shield from the feds data of undocumented immigrants participating of idNYC. The program was created, in part, to provide undocumented immigrants residing in New York with a formal ID. The Human Resources Administration manages the initiative and retains the right to destroy records relating to proof of identity or residency of ID solicitants, per the program’s 2014 enacting legislation.
>
>
Perhaps in the clearest preview of imminent local-federal clashes, Mayor de Blasio recently announced the municipal government will shield data of undocumented immigrants participating in idNYC from the feds. The program was created, in part, to provide undocumented immigrants residing in New York with a formal identification card. The Human Resources Administration manages the initiative and retains the right to destroy records relating to proof of identity or residency of ID solicitants, per the program’s 2014 enacting legislation.
 

Is Federalism Salvation?

State and local action to counter the lessening of our privacy in the digital age is commendable given the federal government’s unwillingness to act. From the brief overview of legislation and enforcement actions outlined above, however, it is clear state and local authorities have yet to substantially limit online service providers’ ability to profiteer off our digital lives, the fundamental unfreedom and injustice of the Net society.

Changed:
<
<
Disclosure does not equate protection. Service providers still act under the law when they collect our behavior and sell it like they please, as long as they announce they're collecting our behavior. Disclosing they are collecting, but still allowing them to collect and surveil, is not enough if we envision privacy as a robust triad of secrecy, anonymity, and autonomy. And even if we just hope for compliance with the current regulatory regime’s restrained reach, $7 and $17 million settlements seem meager deterrents for service providers like Facebook and Google.
>
>
Disclosure does not equate protection. As long as they announce they're collecting it, service providers still act under the law when they collect our behavior and sell it like they please. Disclosing they are collecting, but still allowing them to collect and surveil, is not enough if we envision privacy as a robust triad of secrecy, anonymity, and autonomy. And even if we just hope for compliance with the current regulatory regime’s restrained reach, $7 and $17 million settlements seem meager deterrents for service providers like Facebook and Google.
 Moreover, local leaders’ public statement announcing they will stand off federal officials who attempt to intrude upon the privacy of their urban denizens conflicts with their willingness to embrace the smart city gospel. Making city services more efficient and user-accessible should certainly be a priority for any municipal administration. But is installing cameras and censors in every corner—creating a “total information awareness scheme”—the answer to that? If we don’t like our city’s privacy policy, do we have the ability to opt out?

Salvation is Individual

Changed:
<
<
Despite the observable limits of current attempts at state and local privacy lawmaking, in the near future, further legislative or legal innovations to protect our digital privacy are likely to stem from the subnational scene. Local public officials across the partisan spectrum have demonstrated their willingness to talk privacy and grapple with the implications of its erosion in the digital era. It’s on us to mobilize and advocate for better. A potential first step: demanding legislation that bans the sale and requires the deletion of metrics collected through smart city infrastructure. We may not be able to opt out from our city’s surveillance apparatus, but we are still free to opt into our political process and demand something done about it.
>
>
Despite the observable limits of current attempts at state and local privacy lawmaking, in the near future, further legislative or legal innovations to protect our digital privacy are likely to stem from this subnational scene. Local public officials across the partisan spectrum have demonstrated their willingness to talk privacy and grapple with the implications of its erosion in the digital era. It’s on us to mobilize and advocate for better. A potential first step: Demanding legislation that bans the sale and requires the deletion of metrics collected through smart city infrastructure. We may not be able to opt out from our city’s surveillance apparatus, but we are still free to opt into our political process and demand action.
 
You are entitled to restrict access to your paper if you want to. But we all derive immense benefit from reading one another's work, and I hope you won't feel the need unless the subject matter is personal and its disclosure would be harmful or undesirable.

PatricioMartinezLlompartSecondEssay 2 - 11 Jan 2017 - Main.PatricioMartinezLlompart
Line: 1 to 1
 
META TOPICPARENT name="SecondEssay"
Deleted:
<
<
 

Privacy Federalism

-- By PatricioMartinezLlompart - 10 Dec 2016

Line: 5 to 4
 -- By PatricioMartinezLlompart - 10 Dec 2016
Changed:
<
<
City and state governments are emboldened to take the lead on progressive policymaking nationwide as Republicans regain absolute control of the federal government. Whether we call it “progressive federalism” or “state rights for the left,” the future of liberal criminal justice, immigration, and climate change policy rests with locally-elected politicians willing to put up the good fight against the Trump Administration. The local is also an important arena in which to mediate, defend, and consider the fate of our right to privacy in the digital age.
>
>
City and state governments are emboldened to take the lead on progressive policymaking nationwide as Republicans regain absolute control of the federal government. Whether we call it “progressive federalism” or “state rights for the left,” the future of liberal criminal justice, immigration, and climate change policy may rest with local politicians willing to contest the Trump Administration on its legislative and administrative priorities. The local is also an important arena in which to mediate, defend, and consider the fate of our right to privacy in the digital age.
 
Changed:
<
<
Contra the federal executive’s and judiciary’s minimalistic efforts to protect digital privacy, in recent years, states and cities have taken measures of varying sorts to safeguard privacy as the Net’s behavior-collection capabilities became more far reaching. And our current historical moment makes the role of subnational governments as laboratories for political and legislative action of this sort only more urgent. Whatever enthusiasm for the future of individual privacy in hands of progressive or freedom-loving local politicians, however, must be qualified. The reach of state privacy laws seems insufficient and the arms-race for “smart cities” is positioned to make of our urban environs a massive behavior-collection Machine.
>
>
Contra the federal executive’s and judiciary’s minimal efforts to protect digital privacy, in recent years, states and cities have taken measures of varying sorts to safeguard privacy as the Net’s behavior-collection capabilities became more far reaching. Our current historical moment makes the role of subnational governments as laboratories for political and legislative action of this sort only more urgent. But whatever enthusiasm for the potential privacy protections that may arise subnationally must be qualified. The reach of current state privacy laws seems insufficient and the arms-race for “smart cities” is positioned to turn our urban environs into massive behavior-collection machines.
 

Contours of State and Local Action

Legislation

Changed:
<
<
Proposals for a Consumer Privacy Bill of Rights and an updated Electronic Communications Privacy Act stall in Washington DC. Meanwhile, in Texas, state politicians acknowledge their constituents are “becoming increasingly wary that their lives are going to be no longer their own.” States ranging from California to Oklahoma have passed different privacy laws to protect individual information in a variety of contexts. Many of these laws were enacted in response to citizen demands for action after Edward Snowden’s 2013 revelations of the federal government’s mass surveillance program.
>
>
Proposals for a Consumer Privacy Bill of Rights and an updated Electronic Communications Privacy Act stall in Washington DC. Meanwhile, in Texas, state politicians acknowledge their constituents are “increasingly wary that their lives are going to be no longer their own.” States ranging from California to Oklahoma have passed different privacy laws to protect individual information in a variety of contexts. Many of these laws were enacted in response to citizen demands after Snowden’s 2013 revelations of the federal government’s mass surveillance program.
 In 2003 California pioneered a data breach notification law that requires both private and public organizations to inform users if their data is breached or stolen. Similar statutes have been adopted in almost every other state. California was also the first state to mandate via legislation that commercial websites and online services publish a privacy policy. The California Online Privacy Protection Act applies to mobile applications and was amended in 2013 to also require disclosures by websites and other online services that monitor user activities in the Net “to build a profile of [user] behavior and interests.”
Line: 30 to 29
 

Is Federalism Salvation?

Changed:
<
<
State and local action to counter the continuous lessening of our privacy in the digital age is especially commendable given the federal government’s unwillingness to act. But just from the brief overview of legislation and enforcement actions outlined above it is clear state and local authorities have yet to substantially limit online service providers’ ability to profiteer off our digital lives, the fundamental unfreedom and injustice of our Net society.
>
>
State and local action to counter the lessening of our privacy in the digital age is commendable given the federal government’s unwillingness to act. From the brief overview of legislation and enforcement actions outlined above, however, it is clear state and local authorities have yet to substantially limit online service providers’ ability to profiteer off our digital lives, the fundamental unfreedom and injustice of the Net society.
 
Changed:
<
<
Disclosure does not equate protection. Service providers still act under the law when they collect our behavior and sell it like they wish, as long as they announce its collection. Knowing what they are collecting, but still allowing them to collect and surveil, is not enough if we envision privacy as a robust triad of secrecy, anonymity, and autonomy. And even if we just hope for compliance with the current regulatory regime’s restrained reach, $7 and $17 million settlements seem meager deterrents for service providers like Facebook and Google.
>
>
Disclosure does not equate protection. Service providers still act under the law when they collect our behavior and sell it like they please, as long as they announce they're collecting our behavior. Disclosing they are collecting, but still allowing them to collect and surveil, is not enough if we envision privacy as a robust triad of secrecy, anonymity, and autonomy. And even if we just hope for compliance with the current regulatory regime’s restrained reach, $7 and $17 million settlements seem meager deterrents for service providers like Facebook and Google.
 
Changed:
<
<
Moreover, local leaders’ public statement announcing they will stand off federal officials who attempt to intrude upon the privacy of their urban denizens conflicts with their willingness to adopt the smart city gospel. Making city services more efficient and user-accessible should certainly be a priority for any municipal administration, but is installing cameras and censors in every corner—creating a “total information awareness scheme”—the answer to that? If we don’t like our city’s privacy policy, do we have the ability to opt out?
>
>
Moreover, local leaders’ public statement announcing they will stand off federal officials who attempt to intrude upon the privacy of their urban denizens conflicts with their willingness to embrace the smart city gospel. Making city services more efficient and user-accessible should certainly be a priority for any municipal administration. But is installing cameras and censors in every corner—creating a “total information awareness scheme”—the answer to that? If we don’t like our city’s privacy policy, do we have the ability to opt out?
 

Salvation is Individual

Changed:
<
<
Despite the observable limits of current attempts at state and local privacy lawmaking, in the near future any further legislative or legal innovations to protect our freedom from the Net are likely to stem from the subnational scene. Local public officials across the partisan spectrum have demonstrated their willingness to talk privacy and grapple with the implications of its erosion in the digital era. It’s on us to mobilize and advocate for better. A potential first step: demanding legislation that bans the sale and requires the deletion of metrics collected through the smart city infrastructure. We may not be able to opt out from our city’s surveillance apparatus, but we are still free to opt into our political process and demand something done about it.
>
>
Despite the observable limits of current attempts at state and local privacy lawmaking, in the near future, further legislative or legal innovations to protect our digital privacy are likely to stem from the subnational scene. Local public officials across the partisan spectrum have demonstrated their willingness to talk privacy and grapple with the implications of its erosion in the digital era. It’s on us to mobilize and advocate for better. A potential first step: demanding legislation that bans the sale and requires the deletion of metrics collected through smart city infrastructure. We may not be able to opt out from our city’s surveillance apparatus, but we are still free to opt into our political process and demand something done about it.
 
You are entitled to restrict access to your paper if you want to. But we all derive immense benefit from reading one another's work, and I hope you won't feel the need unless the subject matter is personal and its disclosure would be harmful or undesirable.

PatricioMartinezLlompartSecondEssay 1 - 10 Dec 2016 - Main.PatricioMartinezLlompart
Line: 1 to 1
Added:
>
>
META TOPICPARENT name="SecondEssay"

Privacy Federalism

-- By PatricioMartinezLlompart - 10 Dec 2016

City and state governments are emboldened to take the lead on progressive policymaking nationwide as Republicans regain absolute control of the federal government. Whether we call it “progressive federalism” or “state rights for the left,” the future of liberal criminal justice, immigration, and climate change policy rests with locally-elected politicians willing to put up the good fight against the Trump Administration. The local is also an important arena in which to mediate, defend, and consider the fate of our right to privacy in the digital age.

Contra the federal executive’s and judiciary’s minimalistic efforts to protect digital privacy, in recent years, states and cities have taken measures of varying sorts to safeguard privacy as the Net’s behavior-collection capabilities became more far reaching. And our current historical moment makes the role of subnational governments as laboratories for political and legislative action of this sort only more urgent. Whatever enthusiasm for the future of individual privacy in hands of progressive or freedom-loving local politicians, however, must be qualified. The reach of state privacy laws seems insufficient and the arms-race for “smart cities” is positioned to make of our urban environs a massive behavior-collection Machine.

Contours of State and Local Action

Legislation

Proposals for a Consumer Privacy Bill of Rights and an updated Electronic Communications Privacy Act stall in Washington DC. Meanwhile, in Texas, state politicians acknowledge their constituents are “becoming increasingly wary that their lives are going to be no longer their own.” States ranging from California to Oklahoma have passed different privacy laws to protect individual information in a variety of contexts. Many of these laws were enacted in response to citizen demands for action after Edward Snowden’s 2013 revelations of the federal government’s mass surveillance program.

In 2003 California pioneered a data breach notification law that requires both private and public organizations to inform users if their data is breached or stolen. Similar statutes have been adopted in almost every other state. California was also the first state to mandate via legislation that commercial websites and online services publish a privacy policy. The California Online Privacy Protection Act applies to mobile applications and was amended in 2013 to also require disclosures by websites and other online services that monitor user activities in the Net “to build a profile of [user] behavior and interests.”

Most recently, twenty-five states have legislated to disable employers from demanding access credentials to their employees’ personal social media accounts as a condition of employment. More than a dozen states have adopted similar bills to protect student social media accounts from unwarranted access by their academic institutions.

Enforcement and Administration

Beyond its provisions, the teeth of subnational privacy law lie in its enforcement and administration by the pertinent government authorities.

State attorney generals are front and center to making privacy legislation more than a gimmick. In 2013, Google settled a case filed by 38 states for violations of people’s privacy through its Street View project; the company admitted to collecting passwords, email, and other personal user information. Also in 2013, Google entered into a $17 million settlement with 37 states plus the District of Columbia for bypassing Safari’s default privacy settings and enabling undisclosed third-party user surveillance.

Perhaps in the clearest preview of imminent local-federal confrontations, Mayor de Blasio recently announced the municipal government will shield from the feds data of undocumented immigrants participating of idNYC. The program was created, in part, to provide undocumented immigrants residing in New York with a formal ID. The Human Resources Administration manages the initiative and retains the right to destroy records relating to proof of identity or residency of ID solicitants, per the program’s 2014 enacting legislation.

Is Federalism Salvation?

State and local action to counter the continuous lessening of our privacy in the digital age is especially commendable given the federal government’s unwillingness to act. But just from the brief overview of legislation and enforcement actions outlined above it is clear state and local authorities have yet to substantially limit online service providers’ ability to profiteer off our digital lives, the fundamental unfreedom and injustice of our Net society.

Disclosure does not equate protection. Service providers still act under the law when they collect our behavior and sell it like they wish, as long as they announce its collection. Knowing what they are collecting, but still allowing them to collect and surveil, is not enough if we envision privacy as a robust triad of secrecy, anonymity, and autonomy. And even if we just hope for compliance with the current regulatory regime’s restrained reach, $7 and $17 million settlements seem meager deterrents for service providers like Facebook and Google.

Moreover, local leaders’ public statement announcing they will stand off federal officials who attempt to intrude upon the privacy of their urban denizens conflicts with their willingness to adopt the smart city gospel. Making city services more efficient and user-accessible should certainly be a priority for any municipal administration, but is installing cameras and censors in every corner—creating a “total information awareness scheme”—the answer to that? If we don’t like our city’s privacy policy, do we have the ability to opt out?

Salvation is Individual

Despite the observable limits of current attempts at state and local privacy lawmaking, in the near future any further legislative or legal innovations to protect our freedom from the Net are likely to stem from the subnational scene. Local public officials across the partisan spectrum have demonstrated their willingness to talk privacy and grapple with the implications of its erosion in the digital era. It’s on us to mobilize and advocate for better. A potential first step: demanding legislation that bans the sale and requires the deletion of metrics collected through the smart city infrastructure. We may not be able to opt out from our city’s surveillance apparatus, but we are still free to opt into our political process and demand something done about it.


You are entitled to restrict access to your paper if you want to. But we all derive immense benefit from reading one another's work, and I hope you won't feel the need unless the subject matter is personal and its disclosure would be harmful or undesirable. To restrict access to your paper simply delete the "#" character on the next two lines:

Note: TWiki has strict formatting rules for preference declarations. Make sure you preserve the three spaces, asterisk, and extra space at the beginning of these lines. If you wish to give access to any other users simply add them to the comma separated ALLOWTOPICVIEW list.


Revision 6r6 - 21 Feb 2017 - 03:19:21 - PatricioMartinezLlompart
Revision 5r5 - 21 Feb 2017 - 01:24:02 - PatricioMartinezLlompart
Revision 4r4 - 12 Feb 2017 - 20:15:53 - EbenMoglen
Revision 3r3 - 13 Jan 2017 - 15:08:44 - PatricioMartinezLlompart
Revision 2r2 - 11 Jan 2017 - 13:34:29 - PatricioMartinezLlompart
Revision 1r1 - 10 Dec 2016 - 02:42:04 - PatricioMartinezLlompart
This site is powered by the TWiki collaboration platform.
All material on this collaboration platform is the property of the contributing authors.
All material marked as authored by Eben Moglen is available under the license terms CC-BY-SA version 4.
Syndicate this site RSSATOM