Participants from throughout the world are gathered in Vilnius, Lithuania, this week for the fifth-annual Internet Governance Forum.
The IGF is an annual United Nations-sponsored event where representatives from governments, nonprofits, academic institutions, and businesses worldwide discuss a broad range of policy issues including online safety, privacy, rights of children, equality issues and other topics pertaining to the way the Internet is affecting every country.
The goal of IGF is “to foster the sustainability, robustness, security, stability and development of the Internet.”
In addition to covering the event, I’m on a panel about the youth safety implications of location-based services via GPS-enabled mobile phones.
One opening day panel was about “The Future of Privacy,” where speakers looked at data retention and other privacy issues from a European and American perspective.
Among the issues discussed was the question “should there be an expiration date on personal information?” — or as one participant put it, “the right to be forgotten.”
I’m not sure I completely agree. While I do support the idea of limiting the amount of time that companies can store data on individuals, I don’t think that all Internet records should be purged just because a certain amount of time has passed.
If a politician, for example, makes a statement when running for public office and then runs for other offices years later, voters in that subsequent election deserve to know his or her record. It might, however, make sense to give adults the right to purge anything said about them from before they were 18, just as we usually purge criminal records of young offenders.
Although I didn’t have to go all the way to Eastern Europe to listen to a speaker from San Francisco-based Electronic Frontier Foundation, I was most interested in comments from EFF’s Senior Staff Attorney Kevin Bankston.
Bankston outlined what he called three outdated privacy dichotomies.
The first is the notion — codified in U.S. law — that data stored in your own home or office computer deserves a higher level of privacy protection than data stored “in the cloud,” or any type of Internet-based storage system including services like web e-mail. The “cloud” is for all practical purposes an extension of your desktop computer, so providing the government with easier access to cloud data than data stored on personal hard drives makes no sense.
Another old fashioned dichotomy is real time wiretapping vs. surveillance of past communications. Bankston said that it’s easier for law enforcement to get access to five years’ worth of past e-mail than to get a wiretap order to listen to phone conversations for the next 30 days. Bankston argues that access to past e-mails may provide a lot more information about you — including things that are likely to have nothing to do with an actual criminal investigation — than a month’s worth of phone calls.
“The law should provide equally strong protections for you stored communications as it protects you against wiretapping of your communications as they happen,” he said.
It’s also a false dichotomy for the law to distinguish between the actual content of your communications — such as what you’re saying on the phone — and non-content transactional data about your communications, such as the phone numbers you dial. In phone surveillance, it’s a lot easier for police officers to get their hands on who you’ve talked with than recordings or transcripts of the actual conversations.
While that might have made some sense with telephones, Bankston says it makes no sense with Internet communications. He refers to an MIT study that showed that knowing who one’s Facebook friends are can accurately predict a person’s sexual preference
Another speaker, Hugh Stevenson of the U.S. Federal Trade Commission, talked about the need for privacy policies and pointers to be “contextually relevant.”
Instead of a website having a long privacy policy that no one reads, the site should present users with privacy information at each point when they are about to take action that could reveal information.
And, of course, privacy policies need to be clearly written and reasonably concise. A 50-page document that requires you to click on a box to claim you’ve read it before you can sign up for a service doesn’t cut it.
Be the first to comment