Privacy Activists Are Cheering For The NSA Ruling, But It Won't Be A Lasting Victory

Privacy is on trial in the United States. Legal activist Larry Klayman asked US District Judge Richard J. Leon to require the NSA to stop collecting phone data and immediately delete the data it already has. His argument was that US citizens have a right to privacy and this is a violation of the Fourth Amendment of the Constitution protecting citizens from illegal search and seizure. Monday's ruling that this practice is unconstitutional has privacy activists cheering in the streets, but it will not be a lasting victory.  

In the United States, there is not a single privacy law on the books. (You can argue that HIPAA is a privacy law, but nuances exist that can lessen its impact.) What is protected has come from judgments based on the application of the Fourth Amendment regarding search and seizure. US citizens were given "privileges,” thanks to Richard Nixon, which say we have an expectation of privacy when using a phone, which basically means that the government has to get a warrant for a wiretap. (It’s worth noting that in the UK, they don’t get that privilege.)

Data is up for grabs. And everyone is grabbing.

The reality is that ISPs do not legally owe you privacy – your personal information is their business data. To pave the way for unbounded sharing of business data with the NSA, the US Patriot Act provides legal protection for ISPs to keep them from being sued by third parties when they disclose that data. The Patriot Act also requires a nondisclosure agreement between ISPs and federal law enforcement authorities, to ensure that the company does not notify customers that their data has been requested and provided. So, forget about suing your service providers – it’s not your data, and federal law protects them on all sides of the argument. The obvious effect of the ISP indemnity provided by the Patriot Act is that it allows companies to have privacy policies that essentially do nothing to protect the consumer. Sure, ISPs won’t share your personal data with third-party marketers (unless you forget to uncheck the box that allows them to do exactly that), but they are compelled to share it with federal law enforcement, and you won’t see that in any of their policies.  

In the end, Judge Leon ruled that the NSA must stop collecting the data and immediately erase all of the data that it currently stores. Then, he put a stay on his ruling, during appeal, due to national security concerns. He can't make up his mind about how useful the data is to protecting the country and isn't willing to take the risk of not collecting it. 

This leaves me wondering who’s worse – the NSA or Facebook.  According to Facebook’s privacy policy, your personal photos of  family and friends are Facebook's intellectual property, to do with as they wish, until such time as you delete it. If they wanted to, they could become the world’s largest stock photo company with none of their own data and you would never get any royalties. That is their “privacy” policy and it protects us from nothing, especially not them. 

The NSA’s collection of data is not a Fourth Amendment issue. If you read the opinion you will find it to be a very descriptive, plain English, and sometimes hilarious explanation of the data collection that has been going on for the past seven years… and will almost certainly continue to go on. 

Comments

Privacy Law

>In the United States, there is not a single privacy law on the books.
Au contraire. There is a Privacy Act of 1974. http://www.justice.gov/opcl/privstat.htm

It was enacted at a time when it was discovered that the US Government, in various methods, was spying on US citizens. There was a Senate commission ran by Frank Church that disclosed all the various abuses that the Government was performing in invading peoples' privacy. This is all well documented.

Now the problem with the Privacy Act is that the ability to collect and process information has increased thousands of times above what it was in 1974. It also is scoped solely to Government agencies and not private-sector organizations such as companies and non-profits.

The road for the future should be:
Update the Privacy Act to digital standards
Fill the legislative gap for non-government privacy
Schedule a decennial privacy commission to study the new ways that the Government is collecting and using information

Post new comment

If you have an account on Forrester.com, please login.

Or complete the information below to post a comment.

(Your name will appear next to your comment.)
(We will not display your email.)