Three recent bills in Congress are attempting to put a legislative brake on the uncontrolled collection and selling of an ever expanding pool of personal information on consumers and citizens.
The bills include :
H. R. 1528 the ‘‘Consumer Privacy Protection Act of 2011’’, introduced APRIL 13, 2011
S. 799 the ‘‘Commerci al Privacy Bill of Rights Act of 2011’’, introduced APRIL 12, 2011
H. R. 654 the ‘‘Do Not Track Me Online Act’’, introduced in February 2011
An example of congressional concern from a recent news story, is Representative Markey's responce to the disclosure of Apple's hidden and unencrypted tracking saying, "“Apple needs to safeguard the personal location information of its users to ensure that an iPhone doesn’t become an iTrack,” “Given the widespread usage of iPhones and iPads by individuals under the age of 18, is Apple concerned that the wide array of precise location data logged by these devises can be used to track minors, exposing them to potential harm?”
According to an article by George H. Pike, director of the Barco Law Library and assistant professor of law at the University of Pittsburgh School of Law, "The proposals would set minimum requirements for security of the information collected, and require senior management accountability for developing and implementing those standards. The Senate proposal would go further, imposing a “privacy by design” regime that would require businesses to incorporate information privacy protections and safeguards throughout the life cycle of a product or data gathering tool, rather than as an afterthought. The Senate bill would also impose rules for data minimization—collecting and retaining the minimum data for the minimum amount of time necessary to complete a transaction—and require procedures to ensure data accuracy." No congressional action has been taken on H.R. 654, as of yet.
Not all the threats to people's privacy come from actors outside the law. The developments in mobile technology and affordable forensic software and the application of the "plain view" doctrine to digital data by many courts, may make the next police traffic stop, into a legally sanctioned expedition into your daily life.
Writer , Alexis Madrigal, in an article in April Atlantic Magazine, describes the unexpected and frightening extent to which the off-the-shelf forensic software, "Lantern", provided a detailed record of his daily activities reflected in the memory of his cell phone :
"I plugged my phone into my computer and opened an application called Lantern, a forensics program for investigating iPhones and iPads. Ten minutes later, I'm staring at everything my iPhone knows about me. About 14,000 text messages, 1,350 words in my personal dictionary, 1,450 Facebook contacts, tens of thousands of locations pings, every website I've ever visited, what locations I've mapped, my emails going back a month, my photos with geolocation data attached and how many times I checked my email on March 24 or any day for that matter. Want to reconstruct a night? Lantern has a time line that combines all my communications and photos in one neat interface. While most of it is invisible during normal operations, there is a record of every single thing I've done with this phone, which also happens to form a
pretty good record of my life."
Mr. Madrigal says that according to the ACLU in Michigan, an FOIA request suggests that state troopers were using the "Cellebrite UFED", software similar to "Lantern", during routine traffic stops.
One reason that Congress is looking at legislation is that the current practices of "self-regulation", “have been too slow, and up to now have failed to provide adequate and meaningful protection.” "Although many companies use privacy policies to explain their information practices, the policies have become long, legalistic disclosures that consumers usually don’t read and don’t understand if they do. Current privacy policies force consumers to bear too much burden in protecting their privacy.", according to the Federal Trade Commission.
Employing technology on the side of the consumer to provide more choice and control for the user is what the FTC calls a "privacy by design" approach that builds privacy protections into everyday business practices. Since gathering, retaining & bundling user information is such a valuable commodity, it may be a hard sell to get businesses to consider such technology.
Only time will tell whether legislation and regulations can have a meaningful impact on the swiftly changing technology and practices that threaten to make 4TH Amendment's rulings on "search & seizure" and “reasonable expectation of privacy.”, just historical relics.