Emails, search histories and other online activities are being monitored to a greater degree than ever before. The US government is increasing its surveillance of average users, while at the same time, laws regarding personal privacy are in various stages of evolution. As a result, internet and communications service providers are tasked with the responsibility of safeguarding personal data against surveillance.
Google’s Transparency Report
According to Google’s annual Transparency Report, there is one clear trend as far as government data requests go. According to Google’s official blog, “Government surveillance is on the rise… Government demands for user data have increased steadily since we first launched the Transparency Report. In the first half of 2012, there were 20,983 inquiries from government entities around the world. Those requests were for information about 34,614 accounts.”
That’s not the only trend the report spotted. In fact, the number of government requests to remove content from our services was largely flat from 2009 to 2011, however in the first half of 2012, researchers noted 1,791 requests from government officials worldwide to remove 17,746 pieces of content.
More information, weaker protections
One outstanding example of a privacy shortcoming is Congress’ failure to update the Electronic Communications Privacy Act (ECPA), which was created over 25 years ago to set basic standards for law enforcement access to electronic communications and associated data.
However, it’s easy to see that today’s digital environment is much different from when the ECPA was created, so the act has become a bit of a mess. According to Digital Due Process, a coalition of privacy advocates, think tanks and major companies lobbying for major changes as far as privacy legislation goes, the ECPA is a
“… patchwork of confusing standards that have been interpreted inconsistently by the courts, creating uncertainty for both service providers and law enforcement agencies. ECPA can no longer be applied in a clear and consistent way, and, consequently, the vast amount of personal information generated by today’s digital communication services may no longer be adequately protected.”
As a result, the gap in legal standards means that major companies such as Google, Amazon, Apple and Facebook, must have their own lawyers to decide whether law enforcement is acting within its authority or in violation of people’s privacy rights.
Burden of Responsibility
Observers point out placing the responsibility of protecting privacy upon private companies is unfair to the companies involved. Part of this has to do with the fact that these companies do not want to be laden with the responsibility in the first place. Furthermore, the individuals who rely on these companies can find themselves dependent upon how a particular company might choose to interpret its legal and practical responsibilities, whilst balancing privacy protection with government regulation.
Ultimately, privacy protection should lie in the realm of Congress. According to Jim Dempsey, vice president of public policy for the Center for Democracy and Technology, “The burden shouldn’t really be on the companies.”
Government Access to Private Data
Federal law remains unclear in the area of government access to content of individuals’’ calendars, email and other content stored online. In light of the General Petraeus scandal, federal prosecutors maintain that they need only issue a subpoena for law enforcement officials to access most online content. Most large companies, such as Google, routinely dispute such attempts, unless prosecutors obtain a court warrant.
According to Dempsey, “To its credit, Google demands a warrant for access to content. If the government tries to get it without a warrant, Google fights back, and a lot of the other big providers fight back. Where the smaller guys stand, it varies all over the board.”
Without clearly delineated checks and balances, online privacy rights issues in the United States are rooted in the resources and the will of the company that happens to hold the online data in question. For law enforcement, it’s ultimately an ongoing battle during investigations into what may be serious crimes, such as terrorism, fraud and child pornography.
This article takes a look at US government surveillance activities, in particular access to online data such as calendars, email and search histories. According to Google’s 2012 Transparency Report, inquiries from government entities into individuals’ online activities are increasing at a rapid rate. However, the unclear, outdated and inconsistent application of privacy legislation seriously complicates the issue.
CIPP Exam Preparation
In preparation for the Certified Information Privacy Professional/United States (CIPP/US) exam, a privacy professional should be comfortable with topics related to this post, including:
- Enforcement of US privacy and security laws – self-regulatory enforcement (I.B.h.)
- Electronic Communications Privacy Act (ECPA) (III.A.b.ii.)
- Compelled disclosure of information (III.C.a.)