Online Life, Liberty, and the Pursuit of Your Data
The laws protecting online privacy are outdated and need to be revisited, say citizen and consumer rights advocates — a longstanding point on data privacy.
17 July 2014
The laws protecting our online privacy are outdated, incomplete, and need to be revisited, say citizen and consumer rights advocates. They keep raising a long-timely point.
The legislation protecting much of our online privacy, the Electronic Communications Privacy Act (ECPA), dates back to 1986. Privacy advocates, such as the Digital Due Process Coalition, have argued that “the vast amount of personal information generated by today’s digital communication services may no longer be adequately protected.”
Currently, law enforcement can go to cloud providers and just ask for some emails and other materials without a warrant, as advocacy site ProPublica explains. ProPublica thinks this situation needs rectification. Ditto the American Civil Liberties Union, among other privacy groups.
Blocking the Long Cyber-Arm of the Law
While there’s been some rumbling, there have been no legislative votes or court rulings to concretely change the status quo. However, last month a U.S. House majority indicated it supported closing the ECPA loophole that allows police to seize emails 180 or more days old (a copy of the bill is available here). That could be a start.
In fact, some large cloud vendors have lately been giving a cold shoulder to intelligence organizations, such as the National Security Agency. Previously, these tech firms were comfortable handing information over to the NSA with just informal requests. Not so much now, as our prior blog recounts.
Of course if police, armed with a warrant, come calling for information, then even the largest companies may need to comply. Recently, we discussed how Facebook had been fighting a blanket order to release data on hundreds of its customers to federal prosecutors. Facebook’s attorneys argued this was unconstitutional — but a judge forced the firm to comply, anyway. The social media giant couldn’t even alert the account holders to the data seizure.
Giving Customers the Key
It’s time to discuss removing the data storage vendor as the middleman between the government and the data owner altogether. This is possible through customer managed keys (CMKs), which put the power of encryption directly in the hands of the data owner. The cloud vendor can’t decrypt its customer’s data — the government must approach the vendor's customers directly to access their information.
At Intralinks, the security and privacy of your data is a top concern. Interested in learning more about CMKs? Check out our blog outlining the topic.
Marc Songini has worked in the information technology field for more than 16 years. His roles have included those of journalist, analyst, and marketing communications specialist. He admits that when he started out as a cub high tech reporter, Netscape was still rocking the industry with a wondrous new user interface called a “browser.” During his 10 years with International Data Group (IDG), Marc wrote for NetworkWorld and Computerworld, both award-winning magazines. Marc specializes in cloud, enterprise apps, and figuring out the meaning of being human in an automated world.