Page 27 - Privacy in a Cyber Age Policy and Practice
P. 27

12  PRIVACY IN A CYBER AGE

           attention was paid to the question of whether the government can legally
           collect certain kinds of information under specific conditions. This was
           reasonable because most violations of privacy occurred through search
           and surveillance that implicated this first-level spot collection. True, some
           significant violations also occurred as a result of collating, storing, analyz-
           ing, and distributing information. However, to reiterate, as long as records
           were paper bound, which practically all were, these secondary violations
           of privacy were inherently limited when compared to those enabled by the
           digitization of data and the use of computers.
              To illustrate this cardinal transformative development, a comparison: In
           one state, a car passes through a tollbooth, a picture of its license plate is
           taken, and then this information is immediately deleted from the computer
           if the proper payment is made. In another state, the same information, aug-
           mented with a photo of the driver, is automatically transmitted to a central
           data bank. There, it is combined with many thousands of other pieces of
           information about the same person, from locations they have visited based
           on cell tower triangulation to their magazine subscriptions and recent pur-
           chases and so on. Artificial intelligence systems regularly analyze the infor-
           mation to determine if people are engaged in any unusual behavior, which
           places of worship they frequent (flagging mosques), which political events
           they attend (flagging those who are often involved in protests), and if they
           stop at gun shows. The findings are widely distributed to local police and the
           intelligence community and can be gained by the press and divorce lawyers.
              Both systems are based on spot collection, that is, the collection of pieces
           of information that pertain to a very limited, specific event or point in time
           and that typically are of little significance in and of themselves—as in the
           case in the first state. However, if such information is stored, combined
           with other information, analyzed, and distributed—that is, if such infor-
           mation is cybernated—as depicted in the second scenario, it provides a
           very comprehensive and revealing profile of one’s personal life. In short,
           the most serious violations of privacy are often perpetuated not by surveil-
           lance or information collection per se, but by combination, manipulation,
           and data sharing—by cybernation. The more information is cybernated,
           the more intrusive it becomes.

                         C. Limiting Intrusion by Cybernation

                            1. Third Party and the Europeans

           There are in place two major systematic approaches to dealing with privacy
           violations that result from secondary uses: the third-party doctrine and
           the EU Data Protection Directive (DPD). The third-party doctrine holds
   22   23   24   25   26   27   28   29   30   31   32