This year’s State of the Net Conference in Washington, D.C. on January 17th featured a number of lively sessions I attended that addressed issues of online privacy.
The day began with a keynote by Cameron Kerry, General Counsel, U.S. Department of Commerce. Kerry discussed a number of technology policy issues, including the recent announcement that the DOC will open an office promoting online trusted identity technology, where Kerry emphasized that the DOC has no plans to implement “national identity cards.” He also discounted the belief that young people don’t care about privacy, citing recent surveys showing the opposite. He then discussed last month’s DOC green paper on privacy, and said that DOC wants to contribute to improving privacy, and that Americans need better privacy protections.
The first afternoon featured a panel discussion titled, “Online Privacy on Trial: Has Congress Given Industry Self-Regulating Long Enough?” The panel was moderated by Peter Swire, Professor, Ohio State University Moritz College of Law. Swire outlined the issues regarding privacy legislation, and said that the biggest questions involve defining which areas of privacy should be self-regulated and which should be legislated. Swire stressed the need for reform of U.S. privacy laws because of possible conflicts with overseas laws and the possibility of individual US states are regulating, which could create a patchwork of state privacy laws. A vigorous discussion ensued among panelists supporting and opposing privacy regulation in the United States.
Conchetti started by describing some of the issues with cloud computing. He said that while most of cloud computing occurs within a single jurisdiction, cross-jurisdictional issues are unresolved. He also wondered if a cloud service for consumers could become “too big to fail?”
Ed Felten said there were two main things new about cloud computing regarding privacy. One, data is now stored in more places than before, because it is stored in a data center and on your device. Each place where data is stored is a place where something can go wrong with privacy. Two, the number of parties involved in managing data increases by at least one, and sometimes more as cloud services can involve multiple providers. He said we need clear expectations regarding the responsibilities of cloud providers. He said consumers need to have effective disclosure and choice about what happens to their data and how it is stored. Phillip Verveer said that the cloud offers huge benefits, especially the ability of consumers and small businesses to access sophisticated computing. But he also cited concerns about privacy, trans-border data issues, and complications for law enforcement.
Jim Dempsey also said that cloud jurisdiction issues currently unsettled. Dempsey said another thing about the cloud is the concept of protecting intermediates from liabilities for the content created, although this isn’t true in every country. He expressed hope that the cloud will lead to deeper international harmonization of privacy laws. He concluded that while the cloud is new, it brings us back to the same issues we’ve been struggling with for years regarding privacy and security.
— David Burt, CIPP, CISSP