In response to privacy concerns surrounding data transmission and disclosure of information, the federal government has enacted a couple of laws, most notably the Privacy Act of 1974 and the Health Insurance Portability and Accountability Act (“HIPAA”), in order to safeguard individuals’ private information. The Privacy Act of 1974 was enacted in reaction to the dawning age of information and was an attempt by the federal government to protect individuals’ privacy rights. The Act requires governmental agencies to do four things regarding the information they collect and store about private US citizens: 1) to, upon request, tell an individual what information they’ve collected about him or her, 2) to allow individuals to correct or amend that information, 3) to use certain principles when handling and using the information, and 4) to follow certain guidelines restricting how the individual’s information is shared with other agencies and people. HIPAA provides similar protections, specific to disclosures of personally identifiable information in the healthcare setting.
However, despite the enactment of such federal laws, people like Steven Rambam, CEO of Pallorium, an international investigative agency, deliver lectures titled “Privacy is Dead – Get Over It”. The feeling that federal laws don’t protect individuals from unauthorized disclosures of private information is probably due in large part to the fact that neither the Privacy Act nor HIPAA, adequately protect consumers from US law enforcement agency requests for user information, such as requests from the National Security Agency. Instead, providing safeguards from excessive government surveillance falls to the technology companies in possession of private individuals’ information.
There has been a lot of push back from technology companies on both the concept that “privacy is dead” and the idea that the appropriate response to perceived breaches of privacy is to just “get over it”. Instead current and emerging technology companies are putting technological safeguards in place to protect their users against governmental breaches of privacy. For instance, as detailed in another post on this blog, technology companies like Apple and Google have recently updated their privacy policy and introduced passcode encryption technology that the companies themselves cannot bypass. This allows individual consumers to be protected against attempts by law enforcement to incriminate them based on the contents of their Apple or Google electronic devices. Additionally, Facebook is in the process of developing an app that allows anonymity. Users would be able to discuss topics using multiple pseudonyms. These technological developments are arguably in response to public opinion reflected in a statement made by Jameel Jaffer, deputy director of the American Civil Liberties Union, that, “Technology companies have an obligation to protect their customers’ sensitive information against overbroad government surveillance….”
Even before the creation of technological safeguards against unauthorized disclosure of information to US law enforcement, technology and internet companies have battled the US government openly and directly in court and in Congress. In fact, the battle between technology companies and the US government concerning governmental requests for user data continues, as on Tuesday, October 4, Twitter sued the FBI and the US Department of Justice on First Amendment grounds, in order to release a transparency report documenting the exact number of government requests for user information the company received.
Twitter is not the first technology or internet company to sue the US government seeking to change the current rules surrounding data request disclosures. Companies, including Apple, Google and Microsoft, have fought for users’ privacy rights in court and in Congress. In fact, in December 2013, eight companies including Apple, Microsoft, Facebook and Google formed a coalition called “Reform Government Surveillance” to lobby Congress to place greater restrictions on governmental surveillance. The aforementioned coalition settled with the federal government and reached an agreement that would allow for companies to disclose how many government data requests they received in groups of one thousand.
Twitter, however, did not participate in this agreement and instead pushes for further National Security Agency data request disclosure rights. For instance, Twitter not only wants to disclose the number of requests but also what types of data the government had requested. Surveillance law reform is slowly making headway, as companies with strong lobbying power like Apple, Microsoft, Twitter, and Facebook push for restrictions on the US government’s power to compel the disclosure of individuals’ information and engage in bulk, seemingly indiscriminate, data collection. In the meantime, according to the Electronic Frontier Foundation (“EFF”), there are a notable portion of technology companies that not only require a warrant before they disclose user information but also notify users about government requests, publish transparency reports and law enforcement guidelines, and fight for users’ privacy rights in court and in Congress. It might be useful for technology and internet platform users to note which technology companies have their backs when it comes to privacy rights and which technology companies do not.