Silicon Valley and Its Role in Real Digital Privacy Reform
September 22, 2015
Why We Need Digital Privacy Reform Now
The Federal Electronic Communications Privacy Act (EPCA) was passed back in 1986. While this privacy legislation has had modest updates since, its basic substance addressed the needs of people in a world where there was NO Internet and NO search engines.
World Wide Web didn’t go live until 6 August 1991, becoming publicly available on that date. Google wasn’t founded until Larry Page and Sergey Brin filed for incorporation in the State of California on 4 September 1998.
Our universe looks a lot different now.
Not only do we have a thriving Internet and a choice of search engines where information is instantly available, we also have created opportunities for the bad guys to use our information for their own purposes.
The last straw for those championing electronic privacy was the chilling revelation via Edward Snowden’s information leak that the NSA was indiscriminately watching us without a warrant, raising the question of acceptable privacy standards.
In answer, the ACLU and other privacy groups began taking steps to update EPCA on both the state and federal levels. This article discusses important aspects and the progress of this bill and privacy legislation in California.
What’s significant about California’s bill is that major players in Silicon Valley have lent their voices to components of the bill.
These industry giants are influencing the design and enactment of privacy reform legislation.
You’ll see in this article why getting the California bill—CalECPA [pronounced Kal-ek-puh] into the mix early will allow a better state-by-state consistency and eliminate problems down the road.
Status of CalECPA: The bill has passed both the state senate and assembly and is now in queue—a rather dense queue—behind a few HOT bills that await Governor Brown’s signature.
Source
On Tuesday, September 1st, 2015, Jess Hemerly, the Public Policy Manager at Google, met with 1.Gautam Hans, Policy Counsel at CDT, and 2.Chris Conley, Policy Attorney of the ACLU in Northern California to raise awareness within the tech community and to update people on the status of CalECPA.
Protections CalECPA will provide that currently don’t exist
Hardly anyone is not connected to the Internet. Our lives can barely function without it. With that comes the entry of all of our personal information and the realm of digital privacy. This information is more valuable than gold, and is used or sold by just about everyone who collects it.
A surprising amount of metadata—such as location—can be gleaned from our devices.
While that might seem good from a safety perspective, what if that same information is used in court? Though good for detectives, it’s also good for bandits.
“CalECPA imposes real, meaningful privacy laws in the State of California,” says Conley, “To ensure that digital information receives the same protection that physical information receives.”
Under the U.S. Constitution, law enforcement cannot seize physical evidence without a warrant. To legally search your home, office, car and so on, law enforcement must have a search warrant.
“Unfortunately,” says Conley, “Seizure of evidence is not as clear when it’s your personal content in the cloud.”
Likewise, tracking your location through meta data like phone records will be protected under CalECPA. It also outlines the proper application of these laws.
California Law Vs Federal Law
CalECPA harmonizes with federal law, which explicitly allows states to provide additional digital privacy protections so they’re not bound to federal laws where state laws present a higher standard.
The National Significance of CalECPA
Gautam: “California has a high percentage of early adopters of technology, including some of the major tech companies—Google, Twitter, Facebook, and Apple. In terms of technology law and privacy legislation, where California has acted, other states have followed, and sometimes even the federal government.
“A really good example of this is Data Breach Notification. California is one of the first states to enact a data breach notification law, which now has spread to roughly 47 other states.”
“CalECPA not only limits the amount and types of information gathered but also has Suppression Remedy, which stops data from being used in a trial that was collected improperly.”
If you’re not familiar with data breach, information owners, like patients, have the right to know if their medical data has been breached, so they can arm themselves against potential exposure risks.
Current Status of the Reform Bill
The bill was passed in the State Senate in June, and the State Assembly in September. It’s currently in the Governor’s Office awaiting his signature. But, it’s not of the woods yet.
Governor Brown blocked the bill in 2014. But recent events have changed perspective.
“What has changed since that time,” said Conley, “is the revelation of surveillance by the NSA and the need for legal limits and procedural safeguards on government access to and use of personal information.”
A broad coalition of companies, such as: Google, Facebook, Apple, Twitter and many others are supporting this bill.
What About Law Enforcement?
“None of the major law enforcement agencies are opposing the bill,” Conley added. “They’re all satisfied by the amendments made, the tone of the bill that it adequately allows them to do their job—to protect public safety while protecting personal privacy. They don’t view this as something detrimental to their organization.”
The most important thing is to have a bill that reflects the time in which we live and modern privacy standards. The bill must be prepared to adapt to the technology landscape of the future.
Gautam Hans
The Center for Democracy and Technology in San Francisco works on a range of technology policy issues which includes: consumer privacy, law enforcement access, and free expression. The CDT is pursuing section 215 issues at both the federal and state levels.
Chris Conley
Is an attorney and reformed computer scientist at the ACLU. His role in California is to work on the intersection of privacy, free speech and new technology. He works on legislation and with businesses and individuals on ways to promote and expand the rights of individuals to protect their personal information in the digital age.