Page 31 - Privacy in a Cyber Age Policy and Practice
P. 31
16 PRIVACY IN A CYBER AGE
with little or no gain for the common good, unless private actors—and
not just the government—are more reined in. To what extent this may be
achieved by self-regulation, changes in norms, increased transparency, or
government regulation is beyond the scope of this chapter.
For this doctrine to be further developed, laws and court rulings ought
54
to be three-dimensional. Laws and court cases must specify not only
whether a particular collection of personal information is a “search,” but
also what level of sensitivity can be tolerated and to what extent the infor-
mation may be stored, massaged, and distributed. This may seem—and
is—a tall, if not impossible, order. However, as is next illustrated, a consid-
erable number of measures are already in place that are, in effect, at least
two-dimensional. However, these suffer from the fact that they have been
introduced each on their own and do not reflect an overarching doctrine of
privacy; hence, they reveal great inconsistencies that need to be remedied. I
cannot stress enough that the following are only selective examples of such
measures.
One should note that a very early attempt to deal with the issue—
basically, in terms here used, by banning a form of cybernation—utterly
failed. In 2003, Congress shut down the Pentagon’s Total Information
Awareness (TIA) program, which was created to detect potential terrorists
by using data mining technologies to analyze unprecedented amounts of
personal transaction data. However, a report by the Wall Street Journal in
2008 revealed that the most important components of the TIA were simply
“shifted to the NSA” and “put in the so-called black budget, where it would
receive less scrutiny and bolster other data-sifting efforts.” 55
Minimization is one way of addressing the volume issue, as pointed
56
out by Swire in his groundbreaking article on Jones and mosaic theory.
Accordingly, when the FBI taps a phone, even for an extended period of
time, the intrusion can be reduced significantly if the FBI either stops lis-
tening when it hears that the conversation is not relevant to the investiga-
tion (e.g., a child is calling the suspect under surveillance) or locks away
those segments of the taped correspondence that turn out to be irrele-
57
vant. For this rule to be integrated into the doctrine, it may be waived for
insensitive information. That is, there would be no need to minimize if the
child asked, say, to watch TV, but there would be a need to minimize if she
asked, say, about medical news concerning a family member.
Another example of a safeguard against excessive privacy intrusions is
the requirement that certain content be deleted after a specific time period.
Most private companies that utilize CCTV erase video footage after a set
number of days, such as after a week. Admittedly, their reasons for doing
so may be simply economic; however, the effect is still to limit the volume
of collection and potential for subsequent abuse. Note that that there are
