Having tried to insert the wording of the rejected Communications Data Bill into new U.K. anti-terror legislation, then having withdrawn the amendment before reintroducing it days later, securocrat members of the House of Lords have again withdrawn it due to a lack of government support. The “Snooper’s Charter” is therefore back off the table, though it may well return after the May general election, depending on who wins. Monday’s two-hour debate on the matter was tediously similar to last week’s, and appears to have been mainly intended as an opportunity for the peers to complain about not being shown the revised draft of the Communications Data Bill, which the government is keeping under wraps for now. (High point: Lord King blaming WhatsApp for ISIS’s advance in Syria and Iraq.)
Even as websites, wearable computers and, increasingly, every piece of technology we touch gathers and analyzes our data, there’s still hope that privacy will survive. Making that case, however, might mean working from a different definition of privacy than we’re used to.
One cold, hard fact about data privacy is that the data-collection ship sailed long ago, never to return. With limited exceptions, consumers can’t really stop tech companies from collecting data about them. When we log into web services, make phone calls, play our favorite apps or buy the latest in connected jewelry, we’re giving those companies the right to collect just about whatever information they please about who we are and how we use their products.
The situation isn’t wholly good or bad — data analysis is behind lots of user experience improvements as well as targeted ads, for example — but understanding it is critical to understanding what the future of data privacy might look like. There’s not much point in debating what companies can or should collect (because doing so is too easy and regulating it is so hard), but there is an opportunity to put some limits on what companies do with data once they have it.
This why the White House, as part of its new consumer privacy push unveiled on Monday morning, is talking about how student data is used and smart grid data is secured rather than what’s collected. It’s why Federal Trade Commission chairperson Edith Ramirez, speaking about the internet of things at last week’s Consumer Electronics Show, spoke about how long companies should store user data and not whether they should collect it.
The internet of things, in fact, is a prime example of why we’ll probably never be able to put a lid on data collection: because many people actually crave it. The whole point of connected devices is that they collect our data and do something with it, presumably something that users view as beneficial. If I love my fitness tracker or my smart thermostat, I can’t really be upset that it’s sucking up my data.
Even if it’s forced on them, companies selling connected devices need a framework for thinking of user data not just as a valuable resource, but also as something over which they’re the stewards. Collect the data, analyze it, make your money — the whole industry is predicated on these things. But know there will be penalties in place if you do something bad, or even just stupid.
Of course, the devil here will be in the details. What constitutes an acceptable use, security protocol or retention period could vary widely based on industry, company, product, cost or any other of a number of variables. A connected car is not a fitness tracker. A smart door lock is not a connected toothbrush.
But hopefully, the attention the internet of things is getting early on means lawmakers and regulators will be able to come up with some workable, flexible and relatively future-proof rules sooner rather that later. The last thing we want — especially when dealing with data about our physical-world activity — is a repeat of the web, where it’s 25 years later and we still haven’t figured out what privacy means.
I visualized a trove of data from MapLight about the issues on which internet companies are lobbying Congress. Here are the results of that, as well as links to the raw data.
The World Wide Web Foundation, the British Law Society, the Financial Times and a host of digital rights campaigners all think rushing through the DRIP Act as “emergency” legislation is a terrible idea.
The House Energy and Commerce bill grants cable operators’ wish by sunsetting the integration ban. However, it also gives the FCC authority to impose new set-top security rules in the future.
One interesting result of the NTIA’s propsal to relinquish U.S. control over the DNS could be to drive a final stake through anti-piracy proposals like SOPA that rely on manipulating DNS queries as an enforcement mechanism.
Forget about how much data a disk can store or whether companies will use Hadoop. The questions for big data going forward are how they’ll use Hadoop, how intelligent our systems can actually become and how we’ll keep them in check.
One proposal added to the draft bill to reauthorize STELA would eliminate the FCC rule requiring cable operators to separate the security components of the set-top boxes they lease to subscribers from the other functions of the device such as navigation.
By moving first, the House could bring the issue of retransmission consent reform to a head more quickly than the Senate’s approach contemplated.
Senate Commerce Committee chairman Jay Rockefeller is proposing to attach a sweeping overhaul of the retransmission consent rules to a bill all the affected parties want to see passed.