Best Lawyers® — 04/07/2017 at 09:00

The Past, Present, and Future of Data Privacy

by

girl5

It is always important to remember that our world is largely the result of fortunate accidents. 

The oxygenated world in which complex life could evolve didn’t occur until halfway through Earth’s recorded history (and was merely a consequence, a waste product, of the conversion of sunlight into food for cyanobacteria through photosynthesis). Mammals didn’t thrive until the great Chicxulub impact created an extinction event for the dominant creatures (dinosaurs), allowing our smaller, hairy ancestors to diversify and increase in size. And man’s very existence was so tenuous that mitochondrial DNA analysis suggests that all current human beings now on Earth are descended from one maternal lineage. 

And so it is with the world of data and privacy. Our digital world was not architected or designed (and certainly not designed for privacy)—it developed as a result of a series of fortunate accidents and synergies. From the first discussions of redundant communication infrastructure designed for the Cold War in the late 1960s that evolved into the Internet, to the proliferation of personal computers in the 1980s as entertainment/personal service devices that eventually spawned HTML-based web browser communication, to the set of satellite based mass/cellular communication that eventually connected the now pervasive mobile/digital devises that began appearing in the 2000s.      

We are now faced with the same dilemma as the creators of the atom bomb: What do we do with what we have created? The obvious answer is that we use it. The problematic question is how.

While security breaches that reveal personally identifiable information of millions of people make headlines (and generate the type of belated and ineffective legal protections that provide “notice but no practical remedy”), our more valuable assets—our privacy and ability to remain anonymous—are rapidly vanishing.   

Every two days we create as much information as we did from the dawn of civilization until 2003: over 2.5 quintillion bytes (to give some context, it would take over 200,000 years for just one quintillion gallons of water to flow over Niagara Falls). Many create daily digital footprints through their digital devices of every place they go, every person they communicate with, every item they buy, and every cause they support. Not intentionally, mind you, but all as a consequence of using a cell phone with GPS, not using cash, and opting for virtual/digital communications. And big brother—or at least big data—is watching and archiving everything. 

The legal and commercial response to this environment (as it is with most revolutionary technology) is too little, too late. We have some minimal state and federal protection schemes for the most abused personal information (our name and financial information) and a slightly higher regulatory framework for financial and medical institutions/information and children. But more recently, we have an administration opposed to even the most basic Internet privacy rules. Similarly, after over a decade of pervasive digital identities, we are still talking about “passwords” (which are usually too weak), embedded digital devices in the Internet of things that lack any security, and a new generation raised on the Amazon/Facebook premise that readily choose convenience over privacy (and systematically give up control of our digital identities in the name of commerce and social discourse).

What makes this situation more practically problematic is that there is relatively little protection of the most pervasive digital fingerprint we leave: our cell phone number! Data aggregators can not only track what you do and where you are, but relate that information to the quintillion bytes of commercial and personal activity that can be cross-referenced with that number since it’s freely shared across all environments in which we exist.

Lawyers need to be concerned and engaged in this discourse.  

First, we need to expect more. We need to expect that the government will establish not only schemasthat protect and guarantee our most fundamental privacy rights (including the right to be anonymous and forgotten), but also govern those entities that consumers cannot, i.e., the huge data aggregators and mass merchants that can prey upon the individual and have an economic incentive to do so. We need to expect businesses to incorporate sufficient security in every digital device to protect its integrity and allow upgrades as new threats are detected, whether that is a “kill switch” in an iPhone that gets misplaced, a chip in an intelligent doll, or the computer in a smart car that determines when it brakes. We need to move from proxies such as passwords to more robust authentication and verification schemas based upon who we are, not what we possess.

Second, we need to anticipate more. We as a society have allowed the happenstance of the digital environment to develop as a fortunate accident. With the advent of true artificial intelligence, we need to become purposeful in integrating controls with capabilities. And with the intrusion of digital-assist devices in inherently dangerous instruments like cars, airplanes, traffic controls, and power grids, we need to become mindful that any transitional technology is inherently flawed and that the goal is not merely efficiency gains but ultimately safety and practical benefit. We should “vote with our dollars” only for technology that assures us of both.

Lastly, we need to reflect more. As the amount, granularity, and personal intrusion capable with digital data increases logarithmically, we need to understand that these new capabilities allow us to be both less and at the same time more, and that is a choice each of us should be able to personally make. Perhaps that choice is based upon what we legislate and what our societal conscience dictates. But it could also be based on economics, or merely accident.

My voice, as is the voice of most lawyers, is one of reason. Verify us, and with that, create a future where privacy remains a constitutional, alienable human right and is protectable regardless of how such protection is created and maintained. As lawyers, we have that duty and privilege.


Kelly L. Frey Sr. / Frost Brown Todd LLC

 

5 Key Actions Your Business Can Take to Manage Data Breach Risk
The Advocate for the Toughest Battles
Outcomes Focus: Environmental Impact Bonds are All About Results
The Evolving Landscape of Family Law

Leave a Reply

— required *

— required *