
    Privacy and Regulatory Innovation: Moving Beyond Voluntary Codes


    Privacy Localism

    Privacy law scholarship often focuses on domain-specific federal privacy laws and state efforts to broaden them. This Article provides the first comprehensive analysis of privacy regulation at the local level (which it dubs “privacy localism”), using recently enacted privacy laws in Seattle and New York City as principal examples. Further, this Article attributes the rise of privacy localism to a combination of federal and state legislative failures and three emerging urban trends: the role of local police in federal counterterrorism efforts; smart city and open data initiatives; and demands for local police reform in the wake of widely reported abusive police practices. Both Seattle and New York City have enacted or proposed (1) a local surveillance ordinance regulating the purchase and use of surveillance equipment and technology by city departments, including the police, and (2) a law regulating city departments’ collection, use, disclosure, and retention of personal data. In adopting these local laws, both cities have sought to fill two significant gaps in federal and state privacy laws: the public surveillance gap, which refers to the weak constitutional and statutory protections against government surveillance in public places, and the fair information practices gap, which refers to the inapplicability of the federal and state privacy laws to government records held by local government agencies. Filling these gaps is a significant accomplishment and one that exhibits all of the values typically associated with federalism such as diversity, participation, experimentation, responsiveness, and accountability. This Article distinguishes federalism and localism and shows why privacy localism should prevail against the threat of federal and—more importantly—state preemption. This Article concludes by suggesting that privacy localism has the potential to help shape emerging privacy norms for an increasingly urban future, inspire more robust regulation at the federal and state levels, and inject more democratic control into city deployments of privacy-invasive technologies.

    Anonymization and Risk

    Perfect anonymization of data sets that contain personal information has failed. But the process of protecting data subjects in shared information remains integral to privacy practice and policy. While the deidentification debate has been vigorous and productive, there is no clear direction for policy. As a result, the law has been slow to adapt a holistic approach to protecting data subjects when data sets are released to others. Currently, the law is focused on whether an individual can be identified within a given set. We argue that the best way to move data release policy past the alleged failures of anonymization is to focus on the process of minimizing risk of reidentification and sensitive attribute disclosure, not preventing harm. Process-based data release policy, which resembles the law of data security, will help us move past the limitations of focusing on whether data sets have been “anonymized.” It draws upon different tactics to protect the privacy of data subjects, including accurate deidentification rhetoric, contracts prohibiting reidentification and sensitive attribute disclosure, data enclaves, and query-based strategies to match required protections with the level of risk. By focusing on process, data release policy can better balance privacy and utility where nearly all data exchanges carry some risk.

    Privacy and Security in the Cloud: Some Realism About Technical Solutions to Transnational Surveillance in the Post-Snowden Era

    Since June 2013, the leak of thousands of classified documents regarding highly sensitive U.S. surveillance activities by former National Security Agency (NSA) contractor Edward Snowden has greatly intensified discussions of privacy, trust, and freedom in relation to the use of global computing and communication services. This is happening during a period of ongoing transition to cloud computing services by organizations, businesses, and individuals. There has always been a question inherent in this transition: are cloud services sufficiently able to guarantee the security of their customers’ data as well as the proper restrictions on access by third parties, including governments? While worries over government access to data in the cloud are a predominant part of the ongoing debate over the use of cloud services, the Snowden revelations highlight that intelligence agency operations pose a unique threat to the ability of services to keep their customers’ data out of the hands of domestic as well as foreign governments. The search for a proper response is ongoing, from the perspective of market players, governments, and civil society. At the technical and organizational level, industry players are responding with the wider and more sophisticated deployment of encryption as well as a new emphasis on the use of privacy enhancing technologies and innovative architectures for securing their services. These responses are the focus of this Article, which contributes to the discussion of transnational surveillance by looking at the interaction between the relevant legal frameworks on the one hand, and the possible technical and organizational responses of cloud service providers to such surveillance on the other. While the Article’s aim is to contribute to the debate about government surveillance with respect to cloud services in particular, much of the discussion is relevant for Internet services more broadly.

    Governing Privacy in the Datafied City

    Data Mining and Internet Profiling: Emerging Regulatory and Technological Approaches

    The 9/11 terrorists, before their deadly attacks, sought invisibility through integration into the society they hoped to destroy. In a similar fashion, the terrorists who carried out subsequent attacks in Madrid and London attempted to blend into their host lands. This strategy has forced governments, including the United States, to rethink counter-terrorism strategies and tools. One of the current favored strategies involves data mining. In its pattern-based variant, data mining searches select individuals for scrutiny by analyzing large data sets for suspicious data linkages and patterns. Because terrorists do not “stand out,” intelligence and law enforcement agents want to do more than rely exclusively on investigations of known suspects. The new goal is to search “based on the premise that the planning of terrorist activity creates a pattern or ‘signature’ that can be found in the ocean of transaction data created in the course of everyday life.” Accordingly, to identify and preempt terrorist activity, intelligence agencies have begun collecting, retaining, and analyzing voluminous and largely banal transactional information about the daily activities of hundreds of millions of people. Private organizations have their own reasons for gathering widespread information about individuals. With the expansion of internet-based services, companies can track and document a broad range of people’s online activities and can develop comprehensive profiles of these people. Advertisers and marketing firms likewise have strong incentives to identify and reach internet users whose profiles have certain demographic, purchasing behavior, or other characteristics. The construction, storage, and mining of these digital dossiers by internet companies pose privacy risks. Additional privacy issues arise when the government obtains this information, which it currently can without much legal process. This essay begins by examining governmental data mining; its particular focus is on pattern-based searches of databases according to a model of linkages and data patterns that are thought to indicate suspicious behavior. In Part I, this essay reviews widely held views about the necessary safeguards for the use of data mining. In Part II, this essay considers “dataveillance” by private corporations and how they have compiled rich collections of information gathered online in the absence of a robust legal framework that might help preserve online privacy. This essay then discusses some of the techniques that individuals can employ to mask their online activity as well as existing and emerging technological approaches to preventing the private sector or government from linking their personal information and tracing their activities. These technologies permit users to move about the world wide web pseudonymously and to adopt privacy-enhancing identity management systems. This essay concludes by briefly considering three topics: (1) whether and how to regulate the potential impact of identity management systems on counterterrorism efforts; (2) the requirements of transparency and understanding of the underlying models used in either data mining or identity management systems as a necessary prelude to the creation of rules on appropriate access and use; and (3) the need for research in several further areas.