Some privacy groups believe government surveillance is the biggest problem Internet users face. Others point to companies’ data collection. Still other groups involved in U.S. privacy debates don’t see major problems right now.
Neema Singh Guliani is a legislative counsel with the American Civil Liberties Union, a civil-rights group with a long history of serving as a government watchdog.
Thomas Lenard is president and senior fellow at the Technology Policy Institute, a free-market think tank generally opposed to government regulations. It tends to focus on regulatory issues.
John Simpson is director of the Privacy Project at Consumer Watchdog, a progressive consumer advocacy group.
Unlike the ACLU and Consumer Watchdog, TPI sees little need for new government regulations regarding privacy. While most other libertarian-leaning groups have raised alarms about government surveillance, the organization questions whether the government has ever abused its surveillance power. Their answers have been edited for length and clarity.
THE PARALLAX: What are the biggest privacy threats to Internet users?
GULIANI: Our federal privacy laws appear to lag decades behind technology and do not always ensure equitable treatment. Our laws protecting electronic information have not been updated since the ‘80s; we have not placed sufficient restrictions on the NSA, whose surveillance capabilities leapfrog every year; and our government lacks a comprehensive policy to encourage the development of encryption and other technologies that can provide greater cybersecurity to all communities.
LENARD: Since 2009, not one of about a half-dozen government reports—by both the administration and the Federal Trade Commission—has found evidence of actual (as distinct from speculative) harms from legitimate uses of personal data. This suggests that claims of privacy threats to Internet users are overblown.
SIMPSON: Data is being gathered for purposes entirely different than those to which consumers have given informed consent. Couple this with information compiled by data brokers, where you don’t even know what they have, and you have no way to correct what’s there. With the Internet of Things, the threat will be even greater. So much more information about what people do online and with their connected devices will be available for data mining and analysis.
THE PARALLAX: Is data collection from large Internet companies or government surveillance more concerning?
GULIANI: We should be concerned by improper data collection by companies and the government. But the reality is that the government has power that companies do not. The government can put someone in prison or prohibit him from flying on a plane. So we need to be extra vigilant to ensure that the government is not collecting and using information improperly. At the same time, we cannot ignore the increasingly large impact that private companies have on American lives.
LENARD: Government surveillance is potentially a greater threat because government doesn’t have the same checks on its behavior as the private sector. Firms need to be sensitive to the preferences of their customers, or they will stop using the service. Having said that, and the Snowden revelations notwithstanding, there doesn’t seem to be much evidence of current abuses of U.S. government surveillance. Policymakers contemplating changes in government surveillance practices need to take into account the trade-off between privacy and public safety.
SIMPSON: I’d say collection by Internet companies is more troublesome largely because it is so pervasive. They can also do pretty much what they want; governments supposedly have more restrictions on them, including requirements for warrants and such. And if the large Internet companies didn’t assemble their massive databases, much of the surveillance done by NSA wouldn’t be possible.
THE PARALLAX: Can Congress or government agencies take action to reduce current privacy threats?
GULIANI: Congress should pass comprehensive legislation that would require a warrant when police use any technology—current or future—to collect location, communications content, or any other sensitive information. As part of this effort, Congress should take steps to modernize the Electronic Communications Privacy Act, a law intended to protect e-mails, location records, and other electronic communications.
SIMPSON: Baseline privacy legislation passed by Congress would have a great impact. Updating ECPA would be a substantial step forward. I’m not optimistic either will happen.
THE PARALLAX: Do you see momentum for further surveillance chances after the USA Freedom Act?
GULIANI: While the USA Freedom Act contained some positive elements, members of Congress and the public understand that more still must be done. Within months of the USA Freedom Act passing the House, the chamber overwhelmingly voted to reform Section 702 of FISA, a provision of the law being used to collect the content of millions of communications without a warrant.
Congress will also need to tackle surveillance because it is affecting the bottom line for U.S. technology companies. In October, the EU Court of Justice invalidated the existing Safe Harbor agreement due in part to U.S. mass surveillance practices.
LENARD: Probably not.
SIMPSON: I don’t see much more happening.
THE PARALLAX: Can Congress, the Federal Trade Commission, or other agencies take action to limit the amount of personal data that big Internet companies collect?
GULIANI: The FTC has authority to ensure that companies carefully abide by their privacy commitments. We also support comprehensive privacy legislation that would give all consumers certain rights to allow them to better control what information is gathered about them and how it is used.
LENARD: The federal government could make the collection and use of data more difficult but, in the absence of identifiable problems, it wouldn’t be a good idea. Such action would end up harming the Internet economy and consumers. Consumers have repeatedly shown that they are willing to give up some information for clear benefits, such as “free” online services.
In addition, targeted online advertising supported by data collection is, so far, one of the major ways to support some types of online content. It also provides consumers with useful, more relevant information. Policymakers must be very careful to take this into account, if they move to limit the amount of data collected.
THE PARALLAX: What is the likelihood of Congress passing new laws to protect privacy? In the absence of major congressional action, what can Internet users do to better protect their privacy?
GULIANI: There are certainly many opportunities for Congress to pass privacy laws to protect Americans. But, there is a role for private companies and consumers to play in ensuring that their information is secure.
We should all be taking steps to strengthen and use encryption—to help secure our information from hackers, foreign governments, and malicious actors. Encryption is not a substitute for comprehensive privacy laws, but it is necessary to ensure the privacy and security of our information in the Digital Age.
LENARD: Privacy legislation, other than data breach legislation, is unlikely. Consumers already have many tools at their disposal, and companies know that they need to be sensitive to their customers’ privacy concerns.
SIMPSON: I’m not at all optimistic about Congress doing much of anything. In the meantime, people should use strong and different passwords. They should set their browser to private-browsing mode and not accept third-party cookies. They should clear cookies when the browser is closed, and they should install add-ons like Adblock Plus and the Electronic Frontier Foundation’s Privacy Badger, as well as EFF’s HTTPS Everywhere.