Most of us are confused and uninformed about data privacy. The FBI is too.
An internal FBI audit has found the agency violated rules more than 1,000 times while collecting data on domestic phone calls, e-mails and financial transaction, says Reuters. The audit only looked over 10 percent of the FBI’s national security investigations since 2002.
That’s one piece of the story. Another part may receive little attention although it may point to a larger problem of greater concern to most of us.
The vast majority of newly discovered violations were instances in which telephone companies and Internet providers gave agents phone and e-mail records the agents did not request.
Of the more than 1,000 violations uncovered by the new audit, about 700 involved the provision of information by phone companies and other communications firms that exceeded what the FBI’s National Security Letters had sought.
The audit found that agents were not intentionally holding unlawful data. They were not adequately trained and there are inadequate internal controls. But are there any training programs or management controls at ISP’s or phone companies?
Are there laws governing corporations that gather data about us? Are there oversight groups that can determine if personal data is being abused?
There’s a tremendous need for dialogue and clarity about personal data privacy, security of our data and the use and ownership of personal data.
On the one hand, I am not my clicks. I am a person protected by the law. While surfing, I make the presumption that our law must view my click trail as a form of free speech. On any street corner, I can ask questions, make statements and examine ideas without threat, thus I can search, write and journey the web without fear that this type of data is admissible as a legal threat against me.
Although there have been worrying legal cases for seeking or possessing unlawful items, even minor but wicked arrests for scavenging wireless, I\’ve seen no legal case brought solely on the basis of a click trail. It may be that a click trail could be used by authorities, but I don\’t see this more threatening than the current ability to interview neighbors or ask my mother.
On the other hand, my click stream is about me. The misuse of authority is only one possible abuse of my click stream. Will someone someday try to sell it? Would a new marketplace set a high or a low selling price? Can my click stream be used and misused by corporations, banks, insurance or, gosh, dating services? What would my mother think if she was given my surf habits? Could a vendor make sales adjustments based on instant data feeds? Will bot-sweeps be developed that apply psycho-social evaluations of people or neighborhoods?
Over centuries, we developed rules to define and protect our property. Now we need to expand how we define property in order to include our data, our property. We have a protected domain in our home or on the street with our hands in our pockets. Do we have similar protection for data about us? Can we say it belongs to us? And do we control what is ours?
Current rules are unclear. And our trust in current data managers is low.
There’s a requirement for very strong rules that restrain the use of data. We all need a type of ‘information sovereignty’. I think that mistrust is more healthy than ignoring the matter.