Courts Globally Struggling With Updating Laws To Keep Pace with Tech Changes
Laws and legal systems in the U.S., U.K. and other nations are struggling with ways to protect the physical safety of their citizens and people's personal electronic communications and data, said panelists at a Columbia University digital policy forum Monday. They cited challenges among law enforcement and national security agencies in accessing people's data stored in other countries, legal roadblocks in getting information on encrypted devices and problems of applying traditional statutes to current and emerging technologies.
Sign up for a free preview to unlock the rest of this article
Timely, relevant coverage of court proceedings and agency rulings involving tariffs, classification, valuation, origin and antidumping and countervailing duties. Each day, Trade Law Daily subscribers receive a daily headline email, in-depth PDF edition and access to all relevant documents via our trade law source document library and website.
In 2013 and 2014, David Omand, former director of the U.K. spy agency Government Communications Headquarters, said citizens in the U.K. and Europe realized the extent of government spying that triggered a “moral panic over privacy.” But with various terrorist attacks in Paris, Brussels and elsewhere last year, they also recognized the legitimate need for intelligence gathering to address national security and criminal concerns. But 2016 is potentially the year of “digital reconciliation” when mature democratic governments figure out not only how to keep people safe, but also to protect their personal information, he said.
But Omand, a visiting professor at King's College London, said middle ground needs to be found between "privacy zealots" who want hard encryption in everything, which would give "free rein" to criminals and terrorists, and intelligence and law enforcement officials, who want back doors to encrypted devices and services that would undermine the use of technology and the Internet.
There are three big trends in U.S. courts and those around the world, said Alan Butler, senior counsel with the Electronic Privacy Information Center. One is the jurisdictional issues created by the different legal systems and how they deal with data, he said. Ultimately those issues will be solved, but underlying agreements and substantive protections are still being developed to make that work, he said. Countries need to recognize “proper substantive protections,” he said, not accept the lowest common standard, and they must also establish an “international language of privacy.” But if countries feel their rights are being diluted, they could impose “localization or protectionism” to try to shut off or minimize data flows, which could be costly for countries and businesses, he warned.
Another trend is trying to apply Fourth Amendment standards to new areas of technology, but there’s “a breakdown or a disconnect” between the physical analogies used to develop those principles and the current ideas, said Butler. He cited the landmark Supreme Court case of Riley v. California in which the court said police must get a warrant before searching information on a cellphone (see 1406260073). “I think the court rightly recognized in that case we’re simply not talking about apples and apples,” said Butler. “That when you’re talking about digital data you can’t sort of rotely apply physical concepts or rules … to data. You have to recognize that fundamental difference in scale and in scope of those records.”
Butler said traditional rules also can’t be applied to location data stored by third parties or by individuals. He said such data points could catalog movements of an individual for possibly up to several years, meaning it brings into play a fundamental issue about the freedom of movement and association. The courts are trying to “reconceptualize” the application of the Fourth Amendment to that data, he said.
When it comes to encryption, Butler said countries need to make those standards stronger, not weaker and not implement new rules that limit the accessibility of strong encryption to individuals globally. For instance, he cited the Apple vs. FBI cases (see 1604180028) in which the government wants to control encryption software. But those efforts are “doomed to fail” since encryption tools are freely available on the Internet, and the focus should be on hardening protections, he said.
Rather than weakening cryptography, intelligence and law enforcement agencies should use metadata, which “might actually be the best answer,” said Steve Bellovin, a Columbia University computer science professor. Metadata is “incredibly revealing” and “so very hard to conceal technically” and even former NSA Director Michael Hayden cited the importance of such information in the agency’s operations, said Bellovin. Metadata is high quality information that's “retrievable, learnable and discernible,” and “life and death decisions can be and are being made based on it,” said Bellovin, a former FTC chief technologist.
Omand said not to use the term “metadata,” but define it as “who called whom, when, where and how in the Internet era.” That way intelligence and law enforcement agencies are restricted from accessing, for example, a person’s pages or full browsing history, which can be considered as content of communications.