User Privacy in a World of Digital Surveillance
The previous chapter explored the ways in which human rights law may be extended to the architecture and use of digital hardware, requiring states to protect vulnerable populations from the potentially harmful effects of electromagnetic radiation, as they would for any other type of pollution. The digital systems that comprise the Internet are a rapidly evolving combination of hardware and software that enables instantaneous communication, forming the cornerstone of the ‘new economy’. These systems—the entities that capture, process or further disseminate information—generate reams of personal data that may be tracked by policing systems or sold to a third party without the user’s knowledge. Moreover, governments and the private sector often cooperate to monitor or proscribe online content and user behaviour in the name of public interest or safety. Nonetheless, any action—public or private—explicitly directed at the unauthorized collection or distribution of personal data may violate an individual’s right to privacy. Digital surveillance, like pollution, is carefully circumscribed in law and is subject to the recognition of privacy as a human right. In an age of Big Data, privacy enhancing technologies and privacy-by-design are a critical component in the delivery of technology that enhances democratic dialogue and facilitates human lifestyles, while reinforcing the premise of human rights. This chapter will (1) explain the technology necessary to track citizens for policing and commercial purposes, (2) examine the legal framework that protects user privacy, while still enabling the circulation of information that underpins modern social and economic structures and permits state surveillance in an emergency, and (3) explore new ways of thinking about digital privacy that empower the user to have greater control over his or her personal data, thereby contributing to the reinforcement of democracy itself.
KeywordsPersonal Data Privacy Protection Internet Engineer Task Force Information Security Management Private Information Retrieval
- Acquisti, A., Grossklags, J. (2007). What can behavioral economics teach us about privacy? In Acquisti, A., et al. (Eds.), Digital privacy: Theory, technologies, and practices. Boca Raton, FL: CRC Press, Auerbach Publications.Google Scholar
- Agrawal, R. (2002). Why is P3P Not a PET? Electronic privacy information center. Retrived April 28, 2016, from https://www.w3.org/2002/p3p-ws/pp/epic.pdf
- Assemblée Nationale. (1789). Déclaration des droits de l’homme et du citoyen de 1789. Retrived April 10, 2016, from https://www.legifrance.gouv.fr/Droit-francais/Constitution/Declaration-des-Droits-de-l-Homme-et-du-Citoyen-de-1789
- Boyle, J. (2008). The public domain. Enclosing the commons of the mind. New Haven, CT: Yale University Press.Google Scholar
- Commission nationale de l’informatique et des libertés. (2012). Vie privée à l’horizon 2020: paroles d’experts, Cahiers IP: innovation et prospective, No. 1.Google Scholar
- Council of Europe. (1952). Protocol No. 1 to the European Convention for the Protection of Human Rights and Fundamental Freedoms, E.T.S. 9, 213 U.N.T.S. 262, entered into force 18 May 1954.Google Scholar
- Diaz, C., Gürses, S. (2012). Understanding the landscape of privacy technologies. Extended abstract. Information Security Summit 2012.Google Scholar
- Electronic Frontier Foundation. (2016a). Net neutrality. EFF. Retrived April 10, 2016, from https://www.eff.org/issues/net-neutrality
- Electronic Frontier Foundation. (2016b) Why Metadata Matters. EFF. Retrived April 10, 2016, from https://ssd.eff.org/en/module/why-metadata-matters
- European Commission. (2015) Data protection Eurobarometer Factsheet. Retrived October 15, 2015, from http://ec.europa.eu (home page).
- FaberNovel. (2014). GAFAnomics: New economy, New Rules, LinkedIn Corporation. Retrived October 15, 2015, from http://fr.slideshare.net/faberNovel/gafanomics
- Finn, R., Wright, D., & Friedewald, M. (2013). Seven types of privacy. In S. Gutwirth, Y. Poullet, et al. (Eds.), European data protection: Coming of age? Dordrecht: Springer.Google Scholar
- Fitzgerald, B., Shi, S., Foong, C., & Pappalardo, K. (2011). Country of origin and internet publication: Applying the Berne Convention in the digital age. Journal of Intellectual Property (NJIP) Maiden Edition, 38–73.Google Scholar
- Foucault, M. (1977). Discipline and punish: The birth of the prison. New York: Vintage Books.Google Scholar
- Froomkin, M. (2015, October 23–26) Legal (and political) aspects of designing privacy-enhanced digital personae. Presented at the Amsterdam Privacy Conference 2015.Google Scholar
- Fraunhofer Institute (2016). SHORE™—Object and face recognition. Fraunhofer Institute for Integrated Circuits IIS. Retrived April 28, 2016, from http://www.iis.fraunhofer.de (home page).
- Gershman, J. (2016, February 17). Apple v. Justice Department: Politicians and activists take sides on encryption order. Law Blog. The Wall Street Journal. Retrived April 30, 2016, from http://blogs.wsj.com/law (home page).
- Greene, J., Barrett, D. (2016, April 15–7). Microsoft sues US on secret searches. The Wall Street Journal.Google Scholar
- Gurses, S., Troncoso, C., & Diaz, C. (2015, October). Engineering privacy by design reloaded. Presented at the Amsterdam Privacy Conference 2015.Google Scholar
- Gutierrez, E. (2004). Privacy implications of nanotechnology. Electronic privacy information center. Retrived April 28, 2016, from https://epic.org (home page).
- Harper, R. (Ed.). (2014). Trust, computing and society. London: Cambridge University Press.Google Scholar
- Hoepman, J. H. (2014). Privacy design strategies. In Cuppens-Boulahia, N., et al. (Eds.), ICT Systems security and privacy protection. IFIP Advances in Information and Communication Technology (p. 428, pp. 446–459).Google Scholar
- Hoeren, T. (2014). Big data and the ownership in data. Recent developments in Europe. European Intellectual Property Review, 12, 751–754.Google Scholar
- House of Representatives. (2011–2012). Stop Online Piracy Act, 112th Congress, 2nd Session, H.R. 3261, The Library of Congress. Retrived March 13, 2016, from https://www.loc.gov (home page).
- Internet Engineering Task Force. (2016). IETF. Retrived April 10, 2016, from https://www.ietf.org (home page).
- Internet Privacy Engineering Network. (2016). IPEN objectives. Retrived April 10, 2016, from https://secure.edps.europa.eu/EDPSWEB/edps/lang/en/EDPS/IPEN
- Internet Society. (2012). Global internet user survey 2012, ISOC. Retrived March 30, 2016, from http://www.internetsociety.org (home page).
- International Organisation for Standardisation. (2016). ISO/IEC 27001—Information security management, ISO. Retrived March 30, 2016, from http://www.iso.org/iso/home/standards/management-standards/iso27001.htm.
- International Telecommunication Union. (2016). The world in 2015: ICT facts and figures. Retrived March 5, 2016, from http://www.itu.int (home page).
- Internet Architecture Board. (2013). Privacy considerations for internet protocols. Internet Engineering Task Force, RFC 6973, July. Retrived April 10, 2016, from https://tools.ietf.org/html/rfc6973
- Internet Society (2016). Internet society mission statement. Retrived April 30, 2016, from http://www.internetsociety.org/who-we-are/mission
- Lessig, L. (2004). Free culture. How big media uses technology and the law to lock down culture and control creativity. New York: Penguin.Google Scholar
- Lindell, Y. (2010). Anonymous authentication. Journal of Privacy and Confidentiality, 2, 35–63.Google Scholar
- Loi no. 78-17. (1978). Relative à l’informatique, aux fichiers et aux libertés, JORF du 7 Janvier 1978, p. 227.Google Scholar
- Morozov, E. (2013, October 22). The real privacy problem. MIT Technology Review, p. 23.Google Scholar
- Office of the High Commissioner for Human Rights. (1988, April 8). CCPR general comment no. 16: Article 17 (Right to Privacy) The right to respect of privacy, family, home and correspondence, and protection of honour and reputation. Adopted at the Thirty second Session of the United Nations Human Rights Committee.Google Scholar
- Office of the High Commissioner for Human Rights. (2014, June 30). The right to privacy in the digital age. Report presented at the Twenty-seventh Session of the United Nations Human Rights Council, A/HRC/27/37.Google Scholar
- Organisation for Advancing Open Standards for the Information Society. (2016). Oasis consortium. Retrived April 10, 2016, from https://www.oasis-open.org (home page).
- Pew Research Internet Project. (2013). Anonymity, privacy and security online. Pew Research Center. Retrived April 10, 2016, from http://www.pewinternet.org/2013/09/05/anonymity-privacy-and-security-online-2
- Popsecu, M., Baruh, L. (2015, October 23–26). Consumer surveillance and risk of harm in the age of big data: An ethical analysis. Presented at the Amsterdam Privacy Conference 2015.Google Scholar
- Posner, R. (2013, April 28). Privacy is overrated. New York Daily News.Google Scholar
- Troncoso, C. (2015). Privacy-preserving tools to support privacy-by-design. Security Engineering Forum. Retrived January 30, 2015, from http://www.securityengineeringforum.org/blog
- United Nations General Assembly. (1948). Universal Declaration of Human Rights, G.A. res. 217 A (III), adopted by the U.N. Doc. A/810, 10 December.Google Scholar
- United Nations General Assembly. (1966). International Covenant on Civil and Political Rights, G.A. res. 2200A(XXI), 21 U.N. GAOR Supp. (No. 16) at 52, U.N. Doc. A/6316, 999 U.N.T.S. 171, entered into force 23 March 1976.Google Scholar
- United Nations Secretary-General Hammarskjold. (1955, July 1). Annotations on the text of the draft International Covenants on Human Rights, UN Doc. A/2929.Google Scholar
- Vaidhyanathan, S. (2001). Copyrights and copywrongs: The rise of intellectual property and how it threatens creativity. New York: New York University Press.Google Scholar
- World Wide Web Consortium. (2016). Platform for privacy preferences (P3P) Project, W3C. Retrived April 29, 2016, from https://www.w3.org/P3P
- Court of Justice of the European Union. (2014). Judgment in Joined Cases C-293/12 and C-594/12, Digital Rights Ireland, 8 April.Google Scholar
- Court of Justice of the European Union. (2014) Judgment in Case C-131/12, Google v. Costeja González, 13 May.Google Scholar
- Court of Justice of the European Union. (2015) Judgment in Case C-362/14, Maximillian Schrems v. Data Protection Commissioner, 6 October.Google Scholar
- United States Court of Appeals, Second Circuit. (2015) American Civil Liberties Union v. James Clapper, Docket No. 14-42-CV, decided 7 May.Google Scholar
- United States District Court, Western District of Washington at Seattle. (2016) Complaint for declatory judgment. Microsoft v. U.S. Department of Justice, DWT 29162898v13 0025936-002444, 14 April.Google Scholar