Privacy falls victim to free market in US

Wired on Friday: As anyone who has watched American talk shows will attest, the United States sometimes seems a little hazy …

Wired on Friday: As anyone who has watched American talk shows will attest, the United States sometimes seems a little hazy on the concept of keeping one's most intimate secrets to oneself. Yet, the right to be left alone - particularly by the government - is a fiercely defended value across every class and political view, writes Danny O'Brien

The US approach to digital privacy is as contradictory as its citizens' own conception of that idea. Every week, reports of identity thefts, driven by online hacking or exploitation, hit the headlines. Yet unlike the EU, where there is a growing corpus of law that protects Europeans from the misuse of their personal data, Americans have only a hodge-podge of legal protections.

US laws are a clumsy patchwork that have emerged after various privacy scandals, which means that your right to keep your affairs secret varies wildly from context to context.

For instance, after a scandal that centred around a prominent US senator renting pornography from a local video shop, a law was passed quickly that means records of video tape rentals are more strongly protected than records of telephone calls.

READ MORE

When Americans look to their courts and constitution to cut through these kinds of legislative muddles, the results have been equally confused. In a series of poor decisions, the US courts decided that if citizens hand over personal data to a third party, they thereby waive any constitutional privacy rights they might have over the data. This means that while the US bill of rights says the courts need a warrant to seize your papers, anything held by a third party has no special status.

The records of all your phone calls are not protected by the constitution, because you foolishly shared those details with the phone company. Your bank records aren't private, because you shared that information with your bank, and so on.

The country's laissez-faire attitude to privacy has reached the point whereby businesses in the European Union can hardly talk to their US cousins without breaching Europe's own data protection protocols.

Last week, a group of US privacy institutions played whistleblower on their own government, informing the EU that the US government was planning on taking European airline passenger records and passing them secretly from Homeland Security to the Center for Disease Control and Prevention.

Perfectly legal in the US, but a serious breach of data protection principles in the EU.

There's some indication that the current law on privacy doesn't match what Americans imagine their protections to be. Most were scandalised when they heard of websites that sell past records of who you called on the phone to strangers for a fee.

Most Americans express irritation at the junk mail they receive from endlessly resold mailing lists. Nonetheless, it's also true that Americans don't seem to care as much.

A study published this week by Unisys indicated that US citizens

were willing to share more personal data with governments and businesses than their European counterparts.

There are very few Americans clamouring for European-style privacy regulation. Indeed, the largest constituency arguing for consistent and widespread privacy laws in the US turns out to be, of all groups, Microsoft.

Last November, the company published a paper supporting comprehensive reform of US privacy laws.

Why would a company like Microsoft step into this arena, when so few of the customers who actually suffer from identity theft and privacy loss will?

Perhaps it is because people in the US don't demand that the government do something when data is leaked - they just grow more fearful of the technology that has enabled such problems to occur.

The American Consumers' Union reported last year that almost one-third of US internet users say they have cut back on shopping online because of fears about identity theft. Microsoft itself has said its concerns over privacy revolve around the chilling effect it has on consumers' adoption of new technology.

And it's also true that when Microsoft's own image is one of insecure and virus-infected systems, it has some additional government clout to take on the real crooks.

Even with support from companies like Microsoft, it seems unlikely that Americans will get anything like the privacy protection enjoyed by Europe anytime soon.

Such widescale reforms are impossible to pass without bi-partisan support, and too many companies would fight for any liability or transparency in their data collection practices.

But perhaps that's a good thing - at least for those wanting to uncover just what privacy controls we need in a networked world.

The US has once more set upon the path of being the great experiment. In this case, the experiment will be exactly what the free market can do when given an open season over personal data.

As with this week's news that Americans are in poorer health than Europeans, Europe can draw its own tut-tutting conclusions. But at least we can see what the effects of the decisions Europe decided to forgo actually are. Americans are currently conducting a fascinating experiment in a near free market for private information.

Will the private sector successfully exploit personal information in a way that makes money, and keeps their customers happy?

And will Europe's fortress of data protection protect its inhabitants' privacy, or will it crumble in the face of the freer, globalised market outside?

Danny O'Brien is activism co-ordinator for the Electronic Frontier Foundation