By Abbie Gruwell
Government occupies a unique space in the privacy debate—we trust the government with our private information every day, but a lot of data is also collected about us without our knowledge.
Electronic surveillance is often treated differently than a physical search, and in terms of privacy as the “right to be left alone,” we may live in a post-privacy world. However, state legislators have significant opportunities to thoughtfully address the balance between government surveillance and privacy.
State and federal agencies collect many types of data, including images and video, location data and communications data, such as messaging and social media surveillance.
The increasing automation of surveillance and big data analytics through technology that allows for real-time aggregation and analysis of data also presents new privacy challenges. For example, some monitoring systems can use types of machine learning such as natural-language processing and neural networks to find patterns in social media posts and potentially reach conclusions about users. Monitoring by state and federal agencies has increased, but regulations may be falling behind.
A clear and transparent legal framework for government data collection can help navigate these challenges. There are some generally well-accepted technology-neutral privacy principles for policymakers to consider:
- Minimization and narrow tailoring of the data to be collected.
- Building transparency into technology and processes.
- Consent or notification as appropriate.
- Providing an opportunity for procedural review and redress
- Ensuring that the data collected is accurate.
- Planning for good data stewardship, including storage and de-identification.
The balance of privacy values may also differ when the government is collecting targeted data, which focuses on a specific person, or population-level/aggregate data.
The issue of lawful access to encrypted information on phones or other devices has reignited the conflict between encryption as a strong tool for privacy and what are often time-sensitive investigations.
This summer, the Lawful Access to Encrypted Data Act was introduced in the Senate. The bill would require tech companies to aid law enforcement in executing search warrants concerning encrypted information, including isolating information, decrypting or decoding, or providing technical support to execute a warrant. The bill would also require that certain tech companies are capable of providing law enforcement access to encrypted information, which privacy advocates claim will result in electronic backdoors that may be exploited by bad actors.
Recent protests have brought up broader issues of surveillance by law enforcement. State and federal law enforcement agencies have employed various tools such as wireless interception of text messages, facial recognition technology, social media data, automatic license plate scanners, and drone surveillance to monitor gatherings and make plans for crowd safety.
Some agencies use data aggregation technologies that collect wide swaths of public and non-public information to create specific profiles that allow for various degrees of predictive policing. These tools have created unprecedented investigative opportunities for law enforcement, but also call into question how well privacy protections have kept up with technology.
Policymakers may also look at privacy when considering the development of “smart cities” that integrate large numbers of devices and automated decision-making based on data. The large number of connected endpoints required by Internet of Things innovations creates endless amounts of citizen data, some of which may not have been anticipated.
Communities also must be aware who (or what) is making decisions based on the data, especially as cities propose using applications that rely on sensors. Among more specific privacy and security prescriptions, policymakers can consider including privacy assessments in the planning of smart cities.
Don’t Miss NCSL’s Privacy Week, Sept. 21-25. NCSL Privacy Week is for legislators and legislative staff interested in consumer data policy, the use of government data and the intersections between data privacy and cybersecurity. And check out two previous blogs on the issue: Privacy and Coronavirus Tracing Technology and Privacy and Emerging Technology, Private Sector Perspectives on Regulation.
Abbie Gruwell is senior committee director of NCSL’s Communications, Financial Services, and Interstate Commerce Committee.