Computers, Privacy & the Constitution

PaulLie's Journal

Journal Entry 2

5 April 2020

I realized that I had accidentally created my first journal entry under a Guest Login, so here goes attempt No. 2.

Thanks for fixing the problem.

The New York Times article posted on the radar has highlighted the privacy concerns that have arisen as a result of governmental policies taken to combat the spread of the Covid 19 virus

Why not just make a link here? Why put the URL in the text? This is the web....

In Singapore, I had mentioned the development of a voluntary contact tracing app called “TraceTogether” which uses short range Bluetooth to maintain a log of other users with the same app. The idea behind the app is that the data logs would allow authorities to identify persons who were previously in close contact with the user, in the event the user is subsequently diagnosed with the virus .

To address privacy considerations, the app anonymizes and encrypts data collected. Concerns however have been raised that the coding in the app collects other information (e.g. IP Addresses, device type, carrier) which may eventually be used to identify users, thus rendering anonymization attempts redundant .

There's no way this data can be "anonymized." If you know where people sleep, you know who they are.

In my view the “TraceTogether” app attempts to strike a balance between privacy and societal benefit by allowing users to voluntary choose whether to download the app or not.

Are you saying that their consent is informed, or that you don't care so long as it's consent?

_I think consent is only valid if it is informed consent because you must know what you are consenting to. The fact that downloading the app is voluntary does not remove the obligation on the government to ensure that the app actually has the privacy and security measures it says it has. _

As the Covid 19 situation worsens though, pressure will only grow on government agencies to leverage on any form of advantage they have to combat the spread of the virus. Each country will then have to make a choice on balancing individual privacy with collective public need, including the possibility of mandatory or invasive forms of location tracing. As highlighted in the earlier class, the key is in ensuring that any constraints on privacy must be limited to only what is strictly necessary, and any such policies implemented must be quickly rolled back once the need for them has passed.

Journal Entry 3

Last week I attempted both technical exercises as well as tried to convert the text of the websites in my entry above into hyperlinks (I'm not sure if I was entirely successful in that regard). I have found the exercises to be very enlightening, and they reaffirm what I think is one of the key takeaways of this course - that one must at least have a base line understanding of how the internet works in order to have a meaningful conversation about the law governing it. I found technical exercise 2 on Better Browsing Control to be particularly interesting and I wonder why more people don't use such technical workarounds instead of commercial VPNs. Is there a technical constraint in terms of reduced bandwidth or is it simply a case of people choosing convenience over security? Perhaps it is a reflection of people not trusting that their own security measures would be comparable to commercially available ones?

Turning back to the law for a bit, it seems to me that whilst every person in the world would harbor a general expectation (or at least a hope) to some form of privacy, the scope of a legal right to privacy (and whether such a right exists) would certainly vary significantly from country to country. In the US, there is certainly a principle of privacy that runs through the constitutional caselaw even if the express language on the right to privacy is not expressly set out in the Constitution itself (of course my understanding on this may change as we continue our conversation on the 9th Amendment). When I compare that to Singapore, it appears that the focus here centers more on the protection of personal data as opposed to privacy per se (Singapore for instance does not have a common law tort of privacy). I wonder how significant that distinction would be in practical terms. On the one hand, the right to privacy certainly captures a broader conceptual right than merely a protection of personal data. On the other hand though, wouldn't having a extremely broad and robust definition of personal data cover most privacy concerns? My personal take is that Singapore's approach is generally reflective of how our governmental policies lean more on maximizing societal good against individual liberties, and a preference to bright line rules as opposed to general rights.


Navigation

Webs Webs

r3 - 12 Apr 2020 - 02:26:41 - PaulLie
This site is powered by the TWiki collaboration platform.
All material on this collaboration platform is the property of the contributing authors.
All material marked as authored by Eben Moglen is available under the license terms CC-BY-SA version 4.
Syndicate this site RSSATOM