Big Data and Ownership
The Federal Trade Commission has required that commercial data brokers be transparent and give consumers control over their personal data. Commercial data brokers (CDB) are private firms, including Google, that engage in collecting and aggregating vast publicly available information about an individual, such as addresses, telephone numbers, email addresses, demographic information and real estate data. CDBs typically sell their information for identity verification, marketing, and other purposes such as locating friends and nefarious stalking. More sophisticated brokers correlate disparate bits of information and, using pattern recognition software, generate a clear picture and history of individuals .
Every time individuals connect with the Internet they are giving away personal data. The plethora of possibilities made available by the Internet of Things (IoT) opens up multiple avenues for connecting with the Internet and divulging information. Nest, the IoT platform owned by Google, that monitors homes while the residents are away, has detailed knowledge about the movements and lifestyle of these absent individuals. Who owns this data? With ownership rights come the privileges of trading this data and the possibility of malevolent use.
The law applicable to protection of email communications, text messages, social media messages, videos and other metadata (non-content information such as date/timestamps, to/from information) is the 1986 Electronic Communications Privacy Act (ECPA). While this law applies to businesses generally, it does not apply to government access to these records since there are “procedures under which the government can require a provider to disclose customers’ communications or records” . Title II of this act is the Stored Communications Act (SCA) which covers access to stored emails directly from the service provider. The SCA applies both to email providers as well as data storage companies, and while voluntary disclosure of data is prohibited, it contains “procedures permitting the government to require the disclosure ofcustomers’ communications or records” . Addressing some of the challenges posed by the outdated nature of ECPA, Congress introduced the LEADS Act in 2015, which covers non-US territory. Thus, the Act “would authorize the government to obtain the contents of electronic communications regardless of where those contents are stored if the account holder is a U.S. person” .
This feature addresses the practice of customer data storage in scattered overseas locations, and often not in the same country as the user. More recently, Microsoft was required to divulge content of a European subscriber’s email, located on servers in Dublin, Ireland. If disclosing this content violates the laws of the foreign country, as Microsoft has argued, interpretation of the LEADS Act is ambiguous. Moreover, this opens up the possibility of nefarious foreign clients of US providers being shielded from US law. On the other hand, if this process were overturned, then non-US firms located on US soil are obliged to share data collected on US citizens with their foreign governments. So, for example, if the Chinese firm Alibaba located in Silicon Valley were asked to divulge information on US residents to the Chinese government, it would be compelled to oblige.
The FTC has created the principle of responsible use in its oversight of data collection, analysis and use. Regulation and the law are not going to effectively and efficiently address the problem of privacy and data misuse. Ultimately, cooperation, trust and responsibility will emerge from the transparency engendered by connectivity. Litigation or anonymity is not welfare enhancing for individuals or groups when there are cooperative options. Self-regulatory groups such as I am the Cavalry will sprout up and monitor data use. This group is a worldwide organization focused on the intersection of cybersecurity and human safety. Their focus is on the IoT or the Internet connection enabled by medical devices, home electronics, automobiles and public infrastructure. As the reach of digital technology extends beyond the reach of a society’s ability to comprehend the risks, this group of researchers collects and analyzes data with a mission “to ensure that technologies with the potential to impact public safety and human life are worthy of our trust” .