On Several Fronts, US Gov't Prepares To Regulate Online Privacy 123
storagedude writes "There are at least five US government efforts underway to regulate data and online privacy, according to a new US government internet policy official, who sees some kind of privacy regulation as likely. Ari Schwartz, who left the Center for Democracy and Technology two months ago to become senior internet policy advisor at the National Institute of Standards and Technology, says issues like Facebook's never-ending privacy concerns are making some kind of a national law or regulation more and more likely. He thinks segregating identity from data isn't enough; the data must then be aggregated after identity is stripped out. He also called for objective measures of privacy compliance."
And one by one... (Score:5, Insightful)
And one by one all the bills will die on the floor as the campaign money comes rolling in.
Too early to know . . . (Score:1, Insightful)
. . . if this is good or bad. It sounds "good" in theory but in execution we might all end-up with boxes tied to our lines that monitor everything we do.
Re:And one by one... (Score:4, Insightful)
Are we sure all 5 of these are actually attempts to -preserve- privacy? Because if not, some of them might survive. "Regulation" to me doesn't mean "protection," skimming TFA didn't really clarify things any, and the bill is incomprehensible to me.
Re:And one by one... (Score:2, Insightful)
Re:And one by one... (Score:4, Insightful)
Facebook's never-ending privacy concerns are making some kind of a national law or regulation more and more likely.
Looks like Facebook isn't ponying up enough lobbyists and campaign contributions. If they'd just do this and data-mine for the government, they'd probably be allowed to do everything they do plus install anal/brain probes on us.
The US government already regulates privacy. (Score:3, Insightful)
As in seeing to it that we don't have too much of it. Think CALEA, for example.
Re:Thank you, Zuckerberg! (Score:2, Insightful)
No, because of non-thinking voters like *you*, we get the heavy hand of government.
Re:Major intrusion (Score:4, Insightful)
He thinks segregating identity from data isn't enough; the data must then be aggregated after identity is stripped out.
I'm no lawyer or anything, but last time I checked, that was the opposite of unmasking anonymous posters.
Re:And one by one... (Score:3, Insightful)
Re:Double edged sword (Score:4, Insightful)
On the other hand, it puts an enormous burden on businesses
Since when did not revealing my personal data become a "burden"?
Re:Double edged sword (Score:4, Insightful)
Re:Stand by... (Score:5, Insightful)
The US government is sufficiently large that there isn't a single entity which can be called "the government". One part may well be genuinely interested in protecting privacy, while another part is doing its best to have the Fourth Amendment repealed. Schizophrenic? Oh yes. It's also part of why trying to make plans on what the regulatory environment will be like in four years a complete crapshoot.
There's also the matter than if the government acquires the ability to specifically regulate privacy on Internet sites (above and beyond the more basic "your Terms of Service say X, you did Y, you are in material breach of contract" which applies to all businesses), this forms precedent that the government has the power to regulate other things... content, access, reporting. Only the DHS and other jackboots would consider this a good thing.
No new law or government entity is needed to enforce compliance with privacy statements. Facebook can be held liable for violating its Terms of Service, and fraud on the basis of saying "we don't do this" when they in fact do (and then profiting from it). We don't need a Department of Enforcing Internet Stuff; we just need a judge, a jury, a plaintiff, and a court date.
Re:Stand by... (Score:3, Insightful)
I think you don't understand what a Terms of Service is. It binds the company to jack shit. There's nothing enforceable in it against the company. What it does is state up front behavior that they expect of you or they'll remove your access. If you need any proof that it's null and void- for a contract to be enforceable, it requires both sides to give up something material (called "consideration"). Terms of Service require no exchange, thus no contract is enforceable in court. The same goes for any "Privacy Policy" they may have.
New laws are absolutely needed to protect privacy, but you're right that they don't need to be internet specific. What we need are laws preventing any company from selling personally identifiable information to any third party in any circumstance. There is no reason to allow them to do so, and no way to protect your personal privacy if you are. Even if you find a company you trust now, all you need is a change in leadership or a trip to bankruptcy court (where they can be forced to sell it as an "asset") to make it null and void. Of course like any law they need to have enough teeth to make it matter. Forcing the Cxx who violates it to go to jail for 5 years without parole ought to be sufficient.
Re:Don't worry (Score:3, Insightful)
What's needed are laws that make keeping data beyond their immediate purpose a strong liability. We should be able to sue any company which has some information about us without having an immediate relationship with us. We should be able to sue any company which used to have a relationship with us, but no longer does and still keeps that information for their records, either for convenience or any other purposes.
We need data protection standards and legal auditing requirements to check that corporate IT systems can completely erase any customer's collected information, and serious fines and criminal penalties in case things don't add up, just like for tax evasion.
International visitors, sites and jurisdictions (Score:3, Insightful)
I understand that the US government can regulate the interaction between US citizens and US companies, and that it can also regulate US citizens and US companies each in their own right.
But if series-of-facetubes.dk (a hypothetical Danish company, operating in Denmark, privately owned by a Danish citizen) became the hot new social network, the US gov. can't really regulate it, can it? Of course, the US can always threaten to "bring democracy" to Denmark if we aren't obedient enough, but that would be kind of iffy.
So... given that any regulation can only give incomplete results, the point of it is... the incomplete results? I.e. "They're better than nothing"? Granted, some of the biggest perceived privacy threats are american (google, facebook).
Just a thought: whenever anyone wants to regulate the internet, ask yourself "how will this work, internationally?"
Re:And one by one... (Score:3, Insightful)
Incomprehensible is fine. If it were readable, then politicians might have to actually do just that.
Ownership rights (Score:4, Insightful)
This crap is never going to stop until we clearly define who owns what data. Out current system says any data you collect is yours to do with as you please. I think we, as a society, need to change the definition. Henceforth, as proclaimed by me and everyone else that agrees, I am the sole owner of any and all data about myself. Sometimes we may share data, such as when I owe you money, but beyond that everything about me is mine, my location, purchases, height, weight, finger prints, DNA, medical history, library usage, bank balance and transactions, mood........ You may find you know some of these things about me. If you do, keep it to yourself and don't be caught recording it or selling it or aggregating it or I can sue you for theft of personnel data. All we need to do do is change the definition and this becomes possible.