Facebook’s user agreement gives
Facebook the ability to release user data to law enforcement where it has a, “good
faith belief,” that it is necessary to prevent harm or that it is required by
law. Such a provision is not unique to
Facebook. Yahoo, Twitter, EBay, and others, all have similar provisions buried
within their user agreements and terms of service. Increasingly, one of the
questions that the privacy debate must answer is: to what extent should consent
invalidate the protections that ECPA, the CPA, and even the FTC, traditionally
afford user data? While statutes like the Privacy Act regulate the uses and
maintenance of government databases, the increasing reliance of the government
on information provided by the private sector, raises new questions in the
evolving debate over user privacy.
The current
privacy protections for user data are problematic. In my last entry I discussed
Google’s requirement that any request for user data by the government, be
accompanied by a warrant. While the efforts of Google, and companies like it
are admirable, the lack of a unified standard for government access to data
collected by private companies is especially troubling for individuals that are
concerned with data privacy.
In Smith,
the Court determined that people do not maintain a Fourth Amendment interest in
information that they pass on to third parties. While ECPA, FCRA, and even the
FTC, regulate how the government can require third parties to disclose user
information, there is little protection in place for information that users
give to companies, and which the companies then voluntarily disclose.
Furthermore, what little regulation may be in place in the form of FTC
enforcement agreements (which make it a “promises,” violation to use
information in ways other than specified in the user agreement and terms of
service) is undercut by vague requirements for disclosure, that allow companies
like Facebook, to release information to law enforcement whenever they feel
that they have a “good faith belief.”
As these
articles note, government agencies are increasingly using private sector data
collectors to gather information that would otherwise be difficult to access.
While government regulation like ECPA, the rules propagated by the FTC, and
even the Fourth Amendment, regulate how the government can access your data,
such protections rapidly become irrelevant when user agreements contain clauses
that allow a company to release user data upon request. One way that these
articles suggest for protecting user data, is by requiring that the government
obtain a warrant before it can access user data from the private sector. While
such a requirement would not rise to the level of probable cause necessary for
the “super warrant,” governing the Electronic Intercept portion of ECPA, a
warrant requirement for the purposes of obtaining private sector data on
individual users would be a step in the right direction for user privacy.
As it now
stands, the lack of security controlling government access to private sector user
data is in need of reform. While it is true that people may recognize that they
give up some degree of privacy when they use Facebook, Google, etc., it is
doubtful that they would be comfortable with the truly vast amount of control
that they give such companies over their data. Thus, a warrant requirement for
government access to user data seems like a good, common sense, step to
protecting user privacy and the erosion of civil liberties, in an era where
simply avoiding the use of such sites in no longer a viable option.
No comments:
Post a Comment