Forthcoming in IEEE Security & Privacy
Privacy Interests
Government Access to Private-Sector Data
Fred H. Cate
Indiana University
Published by: ndaru_ on Jan 10, 2011
Copyright: Attribution Non-commercial

Governments around the world are demonstrating a growing appetite for personal information held by the private sector. Public-sector interest in private-sector data is nothing new. Governments have long sought access to private enterprise data to administer social service programs, tax schemes, business and professional licenses, voter registration, vital records about major lifecycle events, and public infrastructure. They have also sought access to targeted data for law enforcement and national security purposes.

But the new voraciousness for private-sector data is reflected in expanding demands for wholesale access to information, and not just about individuals who warrant suspicion but about everyone. Furthermore, this demand is supported by the extraordinary growth of digital technologies that can record, store, and share electronically individuals’ records, communications, movements, finances, relationships, and even tastes.
A Growing Demand
We’ve recently seen an explosion in the demand for private-sector data:
 
India, Saudi Arabia, United Arab Emirates, Lebanon, and Indonesia have all demanded real-time accessto Research in Motion’s Blackberry Enterprise and Messenger services, so they can have access tootherwise encrypted communications.
1
 
 
The US Treasury has announced its intention to move beyond the 1.3 million
 
suspicious activity reportsand 14 million reports on international money transfers of more than US$10,000 that it currentlyreceives each year. Instead, it will require disclosure of all 750 million annual money transfers into orout of the US.
2
 
The US Transportation Security Administration has implemented its Secure Flight
3
and AutomatedTargeting Systems
4
programs, which require that all airlines—irrespective of their location—mustcollect and report personal information about passengers on flights into or out of the US.
 
Governments in Europe and elsewhere have created mandatory data-retention laws, giving governmentsaccess to private-sector data even after the information would normally have been discarded.
5
 
The US Federal Bureau of Investigation is seeking an amendment to the Communications Assistance toLaw Enforcement Act that would require social networking companies and peer-to-peer providers, suchas Facebook, Twitter, and Skype, to give law enforcement access to private information. Theamendment would also require firms that offer encrypted communications to decrypt the text for lawenforcement.
6
 
Google has begun disclosing the number of demands for user data that it receives from governmentagencies. Brazil and the US top the list, which altogether includes 13,700 requests during the first sixmonths of 2010 (see www.google.com/transparencyreport/governmentrequests/).
 
The US, UK, and other countries have asserted the legal right to seize laptops and other computingdevices at the border, copy their contents, and require access to encryption keys without articulating anysuspicion or providing access to counsel.
7
 This is just a sampling of the recent expansion in the access that governments want. Each month brings newdemands as governments seek to expand their reach and individual data become more exposed to governmentscrutiny.
 
2
A Shift in Surveillance
Law enforcement and national security officials claim that increased access to personal data from the private sector is necessary to keep pace with changing technologies and to keep cyberspace from “going dark”—a term officials use to describe an online world in which the bad guys can communicate free of surveillance. But there’s strong evidence that these new data dragnets are qualitatively different and seek information never before subject to routine government scrutiny. Consider four critical distinctions from past surveillance techniques.

First, more data than ever are created and stored in digital form. As Stanford law professor Kathleen Sullivan has written, “Today, our biographies are etched in the ones and zeros we leave behind in daily digital transactions.”[8] So government officials now routinely access data that didn’t even exist two decades ago.

Second, they’re seeking data about everyone—not just those who are targets of investigations. Scholars often note that one of the primary motivators behind the Fourth Amendment—the primary constitutional limit in the US on the government’s ability to obtain personal information about individuals—was the hostility to “general searches” by British troops, which weren’t based on specific suspicion. Yet general searches are the raison d’être of many government data programs, which collect and analyze vast swaths of data about individuals who have done nothing to warrant the government’s suspicion.

Third, in most instances today, governments seek personal data without judicial oversight. And because of the understandable secrecy that surrounds many data mining programs, legislative or popular oversight is often nonexistent or ineffective. The Lisbon Treaty has gone far to reduce distinctions between first-, second-, and third-pillar activities in the EU, thereby eliminating some of the barriers to oversight by data protection commissioners in Europe. However, limits on the commissioners’ jurisdiction over national security activities and on their practical ability to oversee other government data mining programs have tended to reduce the practical effectiveness of this oversight.

Finally, because data are increasingly collected via the private sector and without notice to affected individuals, the role of the individual has been starkly reduced. In years past, the government might physically follow a suspect or search his or her home, thereby creating at least the possibility (and often the legal requirement) for notice and an opportunity to object, whether through a judicial, legislative, or other process. Today, surveillance is far more commonly conducted through cell phone service providers or GPS transceivers, thereby eliminating the opportunity of individuals to be aware of, much less object to, the activity.

In his 1971 book, Assault on Privacy, Harvard law professor Arthur Miller warned of the “possibility of constructing a sophisticated data center capable of generating a comprehensive womb-to-tomb dossier on every individual and transmitting it to a wide range of data users over a national network.”[9] His fear seemed far-fetched at the time. Today, it’s much closer to reality.

But privacy doesn’t have to be sacrificed as a result. The risk of terrorists and other criminals exploiting the “dark” world of cyberspace to plan and execute attacks might mean that governments need greater access to personal data from the private sector and elsewhere. However, this doesn’t have to mark the death of privacy or its trivialization into notices telling us that we have no privacy rights vis-à-vis the government when communicating, traveling, banking, or even walking down the street. Privacy advocates, scholars, data protection commissioners, and others have repeatedly stressed that privacy need not be eliminated just so we can be free and that if eliminated, we’ll never be free.
Protecting Privacy
Several recommended “best practices” have emerged[10–15] that lawmakers around the world would do well to consider. Although the proposals differ in their details, there is broad consensus that government programs designed to collect and use private data—especially from the private sector and without reason for suspicion—should at a minimum require the following.

Explicit Authorization
The legislature or a senior elected official should authorize such programs based on an assessment of their likely efficacy and compliance with legal requirements and only after confirming a high level of oversight and accountability.
Legal Compliance
Programs should remain in compliance with the law both when accessing data and engaging in data mining. Also, the government shouldn’t encourage or press private-sector entities to violate their legal obligation when providing data to the government.
Ongoing Evaluation
The government should evaluate programs for effectiveness in accomplishing specified objectives prior to deploying them and regularly thereafter. The assessments should consider practical experience with the system, technological advances, changing needs, and the impact on individuals. However, the underlying goal should be to assess whether the data collection or analysis works to effectively address a real threat. If not, any invasion of personal privacy is unjustifiable.
Data Integrity
The government must carefully consider the appropriateness of the data for the intended use, especially when being accessed from the private sector and repurposed. It should also define a system for ensuring that data are kept up to date, accurate, and relevant.
Access Limitations
We need limits on who can access large datasets (and for what purposes) and tools to enforce those limits. Rules should be built into data analysis systems that ask an analyst, for example, to specify his or her legal authorization for requesting data or conducting a search.[16]

External Authorization
Before the government creates new data collection requirements or engages in mass surveillance, it should receive some form of judicial or other external authorization. This is especially important if the personally identifiable information will be used in a way that affects individuals, such as by denying or delaying access to a facility or benefit or subjecting them to an intrusive investigation. The specific body providing the oversight is less important than that the authorization be external to the agency engaging in the data collection and specified by the legislature.
Data Minimization
Data minimization and anonymization and other tools should limit the amount of information revealed to only what’s necessary and authorized. This has been a major focus of the Markle Foundation Force on National Security in the Information Age, which has proposed that “anonymizing technologies could be employed to allow analysts to perform link analysis among data sets without disclosing personally identifiable information. By employing techniques such as one-way hashing, masking, and blind matching, analysts can perform their jobs and search for suspicious patterns without the need to gain access to personal data until they make the requisite showing for disclosure.”[13]
 
Audits
Audit tools should ensure that the rules surrounding data collection and use are being followed.
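The one-way hashing and blind matching described under Data Minimization, together with the authorization prompt under Access Limitations and the audit trail under Audits, as an added example that is not from the article or the Markle Foundation: a data custodian releases pseudonymized records so an analyst can link two constructed datasets without ever seeing identities, re-identification requires a stated legal authorization, and every attempt is logged. The key, field names and records are assumptions for illustration; the keyed hash (HMAC) is used instead of a plain hash because a plain hash of a low-entropy identifier can be reversed by guessing.

```python
import hmac
import hashlib

# Constructed sample records (not real data): two private-sector datasets an analyst
# wants to cross-reference, such as a passenger manifest and a money-transfer log.
FLIGHTS = [
    {"name": "Ann Example", "passport": "X123456", "flight": "AB101"},
    {"name": "Bob Sample", "passport": "Y654321", "flight": "AB102"},
]
TRANSFERS = [
    {"name": "Ann Example", "passport": " x123456", "amount": 12000},
    {"name": "Cy Placeholder", "passport": "Z000000", "amount": 15000},
]

class Custodian:
    """Holds the secret key and the only mapping from pseudonyms back to identities."""

    def __init__(self, key):
        self._key = key
        self._identities = {}   # pseudonym -> original identifier, never released
        self.audit_log = []     # every re-identification attempt, granted or not

    def pseudonymize(self, identifier):
        # Normalise first so formatting differences do not break matching, then apply a
        # keyed one-way hash (HMAC). An unkeyed hash of a low-entropy identifier such as
        # a passport number could be reversed by guessing; the custodian's key prevents that.
        canon = identifier.strip().upper()
        token = hmac.new(self._key, canon.encode(), hashlib.sha256).hexdigest()[:16]
        self._identities[token] = canon
        return token

    def release(self, records, id_field, keep_fields):
        """Drop PII and replace the identifier with its pseudonym before analysts see it."""
        return [{"pid": self.pseudonymize(r[id_field]), **{k: r[k] for k in keep_fields}}
                for r in records]

    def reidentify(self, token, analyst, authorization=None):
        """Reveal an identity only against a stated legal authorization; log every attempt."""
        granted = bool(authorization)
        self.audit_log.append({"analyst": analyst, "token": token,
                               "authorization": authorization, "granted": granted})
        if not granted:
            raise PermissionError("re-identification requires a stated legal authorization")
        return self._identities[token]

def link(released_a, released_b):
    """Blind matching: pseudonyms present in both releases, computed without any PII."""
    return sorted({r["pid"] for r in released_a} & {r["pid"] for r in released_b})
```

The analyst works only on the output of `release` and `link`; the custodian's `audit_log` records denied as well as granted `reidentify` calls, which is what an auditor would review.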
System of Redress
Innocent individuals harmed by the use of their personal information need a system of redress so they’re made aware of the role of data analysis, given the opportunity consistent with the nature of the setting to dispute and seek correction of erroneous data, and compensated for any injuries. The system must also ensure that data analysis programs log any errors and “learn” from such errors. False positives are inevitable, so they must be addressed both in terms of recourse for the affected individuals and tools for avoiding them in the future.
