Forgot your password?
typodupeerror
Government Privacy Facebook Social Networks The Internet United States Your Rights Online

On Several Fronts, US Gov't Prepares To Regulate Online Privacy 123

Posted by timothy
from the learn-from-the-experts dept.
storagedude writes "There are at least five US government efforts underway to regulate data and online privacy, according to a new US government internet policy official, who sees some kind of privacy regulation as likely. Ari Schwartz, who left the Center for Democracy and Technology two months ago to become senior internet policy advisor at the National Institute of Standards and Technology, says issues like Facebook's never-ending privacy concerns are making some kind of a national law or regulation more and more likely. He thinks segregating identity from data isn't enough; the data must then be aggregated after identity is stripped out. He also called for objective measures of privacy compliance."
This discussion has been archived. No new comments can be posted.

On Several Fronts, US Gov't Prepares To Regulate Online Privacy

Comments Filter:
  • by Anonymous Coward on Thursday October 21, 2010 @05:50PM (#33980854)
    They are going to try to unmask anonymous first posters, and fine them.
  • Stand by... (Score:2, Flamebait)

    by fiannaFailMan (702447)

    ... for the "one more step to big government dictatorship" speech in 5-4-3-2-1...

    • Re:Stand by... (Score:5, Interesting)

      by EdIII (1114411) on Thursday October 21, 2010 @06:36PM (#33981292)

      That sounds a little bit sarcastic.

      It may not be a step towards government dictatorship, but it is a step towards an environment where an oppressive government could germinate rather quickly. Or did you mean government dictatorship in the context of regulations and Big Government?

      My first thought was that this is like having the fox guard the hen house. Considering how far the government has gone in the last 20 years to eliminate our rights to privacy, anonymity, and free communications in general I find it rather curious they are stepping up to protect us from Mr. Zuckerburg and evil Google.

      They are the least of my worries. After all, I am not forced to deal with them.

      While the government starts to create regulations that affect companies like Facebook and Google, I wonder why we so quickly forget its intentions to secure access to all encrypted voice communications? That development was quite recent, but let's forget that and talk about how people can see what I am doing with my chickens in Farmville. That is far more important right?

      • Bang on schedule.

      • Re:Stand by... (Score:5, Insightful)

        by Caerdwyn (829058) on Thursday October 21, 2010 @07:43PM (#33981766) Journal

        The US government is sufficiently large that there isn't a single entity which can be called "the government". One part may well be genuinely interested in protecting privacy, while another part is doing its best to have the Fourth Amendment repealed. Schizophrenic? Oh yes. It's also part of why trying to make plans on what the regulatory environment will be like in four years a complete crapshoot.

        There's also the matter than if the government acquires the ability to specifically regulate privacy on Internet sites (above and beyond the more basic "your Terms of Service say X, you did Y, you are in material breach of contract" which applies to all businesses), this forms precedent that the government has the power to regulate other things... content, access, reporting. Only the DHS and other jackboots would consider this a good thing.

        No new law or government entity is needed to enforce compliance with privacy statements. Facebook can be held liable for violating its Terms of Service, and fraud on the basis of saying "we don't do this" when they in fact do (and then profiting from it). We don't need a Department of Enforcing Internet Stuff; we just need a judge, a jury, a plaintiff, and a court date.

        • by iluvcapra (782887)

          The US government is sufficiently large that there isn't a single entity which can be called "the government".

          For no purpose is the reduction of "the government" to a single entity useful.

          Facebook can be held liable for violating its Terms of Service, and fraud on the basis of saying "we don't do this" when they in fact do (and then profiting from it).

          Only if an offended party brings suit, and they'll only do that if they can find evidence. What's being suggested here is recognizing the violation of onlin

        • Re: (Score:3, Insightful)

          by AuMatar (183847)

          I think you don't understand what a Terms of Service is. It binds the company to jack shit. There's nothing enforceable in it against the company. What it does is state up front behavior that they expect of you or they'll remove your access. If you need any proof that it's null and void- for a contract to be enforceable, it requires both sides to give up something material (called "consideration"). Terms of Service require no exchange, thus no contract is enforceable in court. The same goes for any "

        • Re:Stand by... (Score:4, Informative)

          by jbonomi (1839286) on Thursday October 21, 2010 @09:17PM (#33982270)

          The US government is sufficiently large that there isn't a single entity which can be called "the government". One part may well be genuinely interested in protecting privacy, while another part is doing its best to have the Fourth Amendment repealed. Schizophrenic? Oh yes.

          Hey! That's not what schizophrenic means! You should instead have said "Does the US government appear to have dissociative identity disorder? Oh yes."

          • by mcgrew (92797) *

            Well, considering that the Federal Government (House, Senate, and President) hallucinated WMDs in Iraq, I'd say that they have schizophrenia. I'd also say the government has DID, ADD, and if you've ever seen legislators debate, bipolar disorder.

            Crazy shit. We're screwed, dude.

          • by minchazo (1548055)

            Hey! That's not what schizophrenic means! You should instead have said "Does the US government appear to have dissociative identity disorder? Oh yes."

            You're just mad because the voices talk to ME!

          • by Caerdwyn (829058)
            Part of me agrees with you, but part of me doesn't.
        • by besalope (1186101)

          The US government is sufficiently large that there isn't a single entity which can be called "the government".

          Exactly. Instead we have the Ministry of Love, the Ministry of Peace, the Ministry of Plenty, and the Ministry of Truth.

      • Re: (Score:2, Informative)

        by curt_k (533018)
        I'm kind of amazed at the image used here -- the fox guarding the henhouse. Wouldn't that image best apply to Google assuring us they'll do no evil?

        Quite contrary to the business propaganda, Adam Smith spelled this out Way Back When: the invisible hand needs a counter to it, and that's democratic, public government. "Unless government takes pains to prevent it..." http://books.google.com/books?id=-mxKAAAAYAAJ&pg=PA163&dq=unless+government+takes+some+pains+to+prevent&hl=en&ei=Ku_ATM3jE4y [google.com]
      • by jhol13 (1087781)

        I think it is good that government makes some rules how Facebook stores your personal information.

        I have seen far too many cases of how not to do it, how not to store passwords, social security numbers, medical history, purchase history, etc.

        Sure "feeding the starving children" is more important, but it does not mean I am willing to allow Google to do whatever it feels is best just because "I am not forced to deal with them".

      • by scruffy (29773)

        I find it rather curious they are stepping up to protect us from Mr. Zuckerburg and evil Google. They are the least of my worries. After all, I am not forced to deal with them.

        But you are compelled (or nearly so) to deal with banks, insurance companies, and employers, all of which seem happy to use your private information against you.

  • And one by one... (Score:5, Insightful)

    by Jaysyn (203771) <jaysyn+slashdot@ ... m minus math_god> on Thursday October 21, 2010 @05:52PM (#33980876) Homepage Journal

    And one by one all the bills will die on the floor as the campaign money comes rolling in.

    • by interkin3tic (1469267) on Thursday October 21, 2010 @06:03PM (#33980990)

      Are we sure all 5 of these are actually attempts to -preserve- privacy? Because if not, some of them might survive. "Regulation" to me doesn't mean "protection," skimming TFA didn't really clarify things any, and the bill is incomprehensible to me.

      • Re: (Score:2, Troll)

        by Pharmboy (216950)

        Are we sure all 5 of these are actually attempts to -preserve- privacy?

        I'm sure they are all designed to protect privacy, in the same manner as the L.A. Police were trying to preserve the peace when they pulled over Rodney King. Subjective, perhaps, but in someone's eyes, I'm sure they are all "good" bills.

      • Are we sure all 5 of these are actually attempts to -preserve- privacy?

        Of course not. It's an attempt at featherbedding the bureaucracy with another toothless department, whose main purpose is to collect political "donations" to be laundered during the election cycle. Close to 2 billion on this one so far... not too shabby

      • Re: (Score:3, Insightful)

        by aztektum (170569)

        Incomprehensible is fine. If it were readable, then politicians might have to actually do just that.

      • by rtb61 (674572)

        Rich people want privacy too and the way the laws work one in all in, it means there will be a lot of people that will demand far stronger privacy laws, anti-data mining laws and, protection of minors privacy and identities. Additionally held data reports to individuals, corporations should be required to report to all individuals for who they have information on, the nature of that information, the details contained therein and, give the individuals the right to correct and or delete that data and, this s

    • Re: (Score:3, Interesting)

      by Jah-Wren Ryel (80510)

      And one by one all the bills will die on the floor as the campaign money comes rolling in.

      One will stand. The one that ends up with language that protects corps which invade people's privacy.

    • by blair1q (305137)

      I wonder if anyone's patented that business model.

      1. Propose sweeping legislation affecting profitability of large corporations.
      2. ???
      3. Profit!

      • by Sulphur (1548251)

        I wonder if anyone's patented that business model.

        1. Propose sweeping legislation affecting profitability of large corporations.
        2. ???
        3. Profit!

        At least some Politicians have that business model.
        Do you think that lobbyists will pay if there is no threat?
        How many are in it for Good Government?

    • Re: (Score:2, Insightful)

      by Ocyris (1742966)
      They'll just package it with the backdoor mandate the NSA wants. It'll pass under some title like "The Citizen Privacy, Security and Safety Act" because how could someone possibly oppose those?
      • by Haedrian (1676506)
        No no, all the American important bills have AWESOME acroynms - you know like PATRIOT and stuff like that.

        So I suggest: Privacy Regulations Over Facebooks & Internet Technology

        To reflect all the lobbying which will shoot down most of the bits except the ones which involve making money.
      • Or "PRIVACY" -- Privacy Restrictions In Violation of All Constitutional Yada-yada

        Sorry. "Y" is a tough one.

    • by pitchpipe (708843) on Thursday October 21, 2010 @06:10PM (#33981066)

      Facebook's never-ending privacy concerns are making some kind of a national law or regulation more and more likely.

      Looks like Facebook isn't ponying up enough lobbyists and campaign contributions. If they'd just do this and data-mine for the government, they'd probably be allowed to do everything they do plus install anal/brain probes on us.

    • Re: (Score:3, Insightful)

      by Presto Vivace (882157)
      And one by one all the bills will die on the floor as the campaign money comes rolling in. My concern is that they will be amended to mean the opposite of privacy.
  • . . . if this is good or bad. It sounds "good" in theory but in execution we might all end-up with boxes tied to our lines that monitor everything we do.

    • Too late, AT&T, Comcrap, and every ISP already feeds all the data they move from their cores right out to the NSA. For "National Security." Bush signed your privacy away and Obama is keeping it status quo. Feel safer now? Yeah, me neither.

      • by Jarza (1622325)
        You do realize that the equipment to do this was already under development before the Clinton administration and they were the ones to install and switch it on.
    • by alienzed (732782)
      honestly, this is the ONLY way things can be. If you want to hide something, I want to know what it is.
    • You know the quote: If it sounds too good to be true, it probably is.

      Expect any privacy protection legislation to be poisoned to the point of uselessness (think "... to protect the rights of terrorists and paedophiles." on the end of every sentence).
  • ...except from itself.

  • On the one hand, such legislation would definitely be welcome in this current environment of information free-for-all. We could finally have some benchmark against which we could judge whether companies (and governments!) were properly addressing security and privacy concerns.

    On the other hand, it puts an enormous burden on businesses, especially in the still nascent online business sector where we are far from seeing market maturity. Laws like this put a massive damper on technology improvement and force a

    • by blair1q (305137)

      In 5 years without regulation your name would be Oracle_User_Entity_e45feb7a895abe88:0.1.

      You want this now.

      • Re: (Score:2, Funny)

        by BadAnalogyGuy (945258)

        I don't want to hamstring American businesses while the industry is still in its infancy.

        • by s73v3r (963317) <s73v3r AT gmail DOT com> on Thursday October 21, 2010 @07:28PM (#33981698)
          Yes, yes you do. Not all industries start out with good practices. Better to tell them they can't do the bad stuff from the beginning, rather than them becoming dependent on doing the shitty stuff, and being unable to stop them without causing the industry to go tits up. While the industry is young, it can still evolve. Not so much after a while.
        • B-M-W (Score:2, Interesting)

          by Anonymous Coward

          I don't want to hamstring American businesses while the industry is still in its infancy.

          Just exactly what business is it that you believe might be 'hamstrung' by any legislation that might protect my privacy, and what good would such business possibly serve if it trades on my right to said privacy? Why should I care about any business person that might seek to trade on my personal information... WAIT THAT'S IT!!

          All that would be REQUIRED in such legislation is that every online business that tracks it's user's data, habits, behavior or the like, include the details of it's intent, methods, dat

    • by c0lo (1497653)

      We could finally have some benchmark against which we could judge whether companies (and governments!) were properly addressing security and privacy concerns.

      We could but we won't. It is more likely to be: your data is private, but not from us, the govt and law enforcement. And that's for your own good and protection.

    • by s73v3r (963317) <s73v3r AT gmail DOT com> on Thursday October 21, 2010 @07:26PM (#33981682)

      On the other hand, it puts an enormous burden on businesses

      Since when did not revealing my personal data become a "burden"?

      • Re: (Score:2, Informative)

        by lgw (121541)

        Don't you mean "since when did proving to the auditor that I am in complaince with 200 pages of regulations" become a burden? Have you ever done PCI compliance? Regulatory compliance is significant burden on a start up and that's the point. Established corporations love endless regulations, as that means there will never be a startup to shake up thier stone-age ways, and eventually the corps just start writing the regs themselves. This is called "regulatory capture", and it's how liberals make oligopoli

        • by s73v3r (963317)
          If they can't prove that they are in compliance, and not releasing user data improperly, then maybe they should have chosen a different business.
          • by lgw (121541)

            So you're saying that Facebook should be the only site of it's kind, and all the open source work in that area should be illegal? Nice.

            • by s73v3r (963317)
              Fuck no. But if you're going to do it, you damn well better be able to do it right. Whether or not the code is open source is irrelevant; compliance falls on the people actually running the servers.
              • by lgw (121541)

                That's not how legal compliace actually works, is the thing. Code review (and unit test) process is part of the audit criteria for some of this stuff. And you're not audited against any rational, sensible goals like "protect the users data" - no, it's compliance with hunderds of pages of arbitrary regs, which may include buying equipment produced only in some congresscritter's district.

                There's just world of difference between "people ought to do X" and "let's pass a law".

        • by compro01 (777531)

          I think I now know why Americans think the federal government has such a level of intrusiveness on their daily lives. They attribute to government any restriction, regulation, or social convention they don't like, regardless of whether the government has anything at all to do with it.

          PCI has nothing to do with the government. It's a standard implemented by the Payment Card Industry Security Standards Counsel, which is an industry group of Visa, Mastercard, American Express, etc.

          • by lgw (121541)

            More /.ers are familiar with PCI compliance than most of the government stuff. Point taken though: HIPAA would have been a better example.

        • by svendsen (1029716)
          How is the parent a troll? I've been involved in clinical drug trials, pharma, health care, and a few other health sector businesses. The amount of time and money required to prove you are in compliance is HUGE! At one clinical drug trial comapny they were hundreds of people whose only job was to ensure compliance with all the regulations. lawyers, auditors, etc. Big bucks.

          Right now in the health insurance industry we are having to hire a lot of external lawyers just to figure out how to comply with
      • by Haedrian (1676506)
        Since people wanted to make profits out of it.
  • Privacy regulates you!

  • by Anonymous Coward

    If the Federal Government cares about privacy, they can demonstrate it by telling the people running Medicare to stop violating USC 42 1395b by suggesting to private insurers that they should refuse to insure customers who don't want to give their Social Security Numbers.

  • by John Hasler (414242) on Thursday October 21, 2010 @06:16PM (#33981132) Homepage

    As in seeing to it that we don't have too much of it. Think CALEA, for example.

  • Don't worry (Score:4, Interesting)

    by davegravy (1019182) on Thursday October 21, 2010 @06:17PM (#33981142)

    Maybe Facebook's, sure, but rest assured that the government won't limit their own ability to spy on you

    • Re: (Score:3, Interesting)

      by PapayaSF (721268)
      This initiative is especially amusing coming shortly after this innovation from Obama's Organizing for America [barackobama.com]. Click the link and (unless you get an error) you'll get a page based on your location, with the phone number of a voter to call. You get the name, age, gender, city, and party ID. You're supposed to read a short push-poll from a script, get their opinions of the President and his policies, and report on the person's response. No potential for abuse there, having political opinions linked to indivi
  • impossible... It's simply too easy to siphon off information without anybody knowing about it.

  • Don't post personal stuff online.

    I have nothing online that I am concerned with someone finding out about. It is the World Wide Web. It is not your personal intranet! All the information is out there anyway if you know where to look.
  • clearly the free market will solve this problem~

  • by bmo (77928) on Thursday October 21, 2010 @07:57PM (#33981852)

    The EU and the Brits figured this out long ago. The British data protection act is a model of privacy protection that we should have emulated. But that was in the day that the world wide wibbley web was still very immature and back when moneyed interests weren't as powerful. Now there's so much inertia for data mining the web that this will never see the light of day outside any Senate or House committee.

    --
    BMO

    • by Anonymous Brave Guy (457657) on Thursday October 21, 2010 @09:32PM (#33982336)

      The British data protection act is a model of privacy protection that we should have emulated.

      Actually, the DPA offers fairly poor privacy protection. It doesn't require opt-in before tracking personal data, for example, nor does it give you any right to demand that personal data held about you be removed from a system as long as that data is actually correct. In fact, it doesn't really offer any privacy guarantee at all in the traditional sense; we rely more on the provisions of the European Convention on Human Rights for such privacy protection as we do have.

      The real problem we have today is that in a world with massive databases, fast and cheap communications via the Internet, etc., traditional privacy standards don't actually protect the things they used to in any meaningful way. We need to consider why privacy is important, and establish social and legal norms that protect what matters, instead of trying to somehow adapt ideas that are decades out of date as if they are still going to protect individuals from abuse by larger and more powerful organisations today.

  • This might be good if limited to the kinds of information sharing that takes place without the user's knowledge, but I can easily see how it would turn out not to be such a good thing if the law catered to those who aren't cautious enough to protect their own privacy.

    One example of a feature I consider useful that others might not is Amazon's suggestion system. In my case I actually want Amazon to suggest new books to me, and the only way it can do that is to collect information about the books that I and o

  • My online privacy would be helped far more by an end to warrantless wiretapping and data collection by the government. If I don't like Facebook's privacy protections I can just not use it. There's no opt-out for the NSA.
  • Last time I checked, Facebook wasn't going to reveal any information about me that I didn't put there to begin with. So now instead of simply telling people DON'T PUT ANYTHING ON THE INTERNET THAT YOU DON'T WANT PEOPLE ON THE INTERNET TO SEE, we have to have another set of 500 page regulations that no one will understand, that no one voting on them will even read before voting, and that will end up having some messed up consequences down the road. That makes sense. Your tax dollars at work, folks.

    Okay, I

  • Dont be fooled, the corporations and governments will craft legislation to give them all the power they want to collect all the data they want, think: national security.

    What Privacy Acts really do, In countries like Canada, is protect the governments and protect the corporations.
    its so simple
    "sorry we cant release that information because it would violate the persons privacy"

    Executives, Politicians, Middle Managers, Bureaucrats, they are all people too, they all have a right to privacy, right?
    customer comp

  • I understand that the US government can regulate the interaction between US citizens and US companies, and that it can also regulate US citizens and US companies each in their own right.

    But if series-of-facetubes.dk (a hypothetical Danish company, operating in Denmark, privately owned by a Danish citizen) became the hot new social network, the US gov. can't really regulate it, can it? Of course, the US can always threaten to "bring democracy" to Denmark if we aren't obedient enough, but that would be kind of iffy.

    So... given that any regulation can only give incomplete results, the point of it is... the incomplete results? I.e. "They're better than nothing"? Granted, some of the biggest perceived privacy threats are american (google, facebook).

    Just a thought: whenever anyone wants to regulate the internet, ask yourself "how will this work, internationally?"

    • I say, leave that to the open market. Each an every buyer beware of tho is complying to what country's laws and choose the site you use based on that. Also have choice to use a free site with 'audit lite' or a premium site with 'full audit'.
  • Ownership rights (Score:4, Insightful)

    by tombeard (126886) on Friday October 22, 2010 @01:19AM (#33983136)

    This crap is never going to stop until we clearly define who owns what data. Out current system says any data you collect is yours to do with as you please. I think we, as a society, need to change the definition. Henceforth, as proclaimed by me and everyone else that agrees, I am the sole owner of any and all data about myself. Sometimes we may share data, such as when I owe you money, but beyond that everything about me is mine, my location, purchases, height, weight, finger prints, DNA, medical history, library usage, bank balance and transactions, mood........ You may find you know some of these things about me. If you do, keep it to yourself and don't be caught recording it or selling it or aggregating it or I can sue you for theft of personnel data. All we need to do do is change the definition and this becomes possible.

    • by TheSpoom (715771)

      It's not theft if you give it to them.

    • Re: (Score:2, Informative)

      by EmagGeek (574360)

      This works except for the plain view doctrine. Any information that is available in plain view, which when adapted to the context of the modern Internet include any information that you put in a publicly viewable site such as Slashdot, is free for use by anyone who can see it.

      In real terms, if you leave your house, anyone can see what color your skin is. They cannot be prohibited from communicating that information to someone else. You cannot tell someone they are not allowed to know that which they can see

      • The problem is that being in my Facebook account should be considered as being in my house from a legal standpoint. Any company that builds a framework for anything that involves authentication should imply inherent rights for the user. Currently it is not this way. All of the internet is considered 'being outside' because laws are not keeping up to technology and for internet services to become useful and safe we must mature past this philosophy.
        • One more thought. Just because a company built my house, it doesn't give them a right to go in and look at my stuff once I'm living in it.

New crypt. See /usr/news/crypt.

Working...