It’s Time to Update National Digital Privacy Laws
by By Mark Grabowski

Thirty years ago, there was no World Wide Web, almost no one had a cell phone and the only drones flying above of concern were bees. It was also the last time Congress substantively updated our digital privacy laws.

Opinion LogoSince 1986, technology has advanced at a breakneck speed, making privacy laws governing it grossly outdated and out of touch with how people use, store and share information nowadays.

“U.S. privacy laws are so far behind the rest of the world that it … falls short of the requirements of international human rights norms,” said Jeremy Malcolm, an analyst at Electronic Frontier Foundation, a San Francisco-based digital rights group.

Facing growing public concern, California’s State Legislature has enacted several measures to protect digital privacy. But it’s not enough because state laws are limited in scope and the Internet is borderless.

Laws Lag Behind

Our digital footprint is being tracked by the government, businesses and even schools in ways that were once unthinkable. Ongoing high-profile cases, such as the feds’ battles with Apple and Microsoft to access customers’ data, are comparatively innocuous intrusions — at least for those, authorities got search warrants and the public found out.

Although law enforcement officials typically need a warrant to search people’s home computer, read their mail, eavesdrop on their phone conversations or even to see which library books they borrowed, they often don’t need one when creeping into Americans’ virtual lives.

Under the Electronic Communications Privacy Act, or ECPA, of 1986, warrants are needed only to access online communications — emails, text messages and chats — less than six months old. If it’s older than six months, no warrant is necessary. Draft emails, Web browsing history and files stored in the cloud are available without a warrant regardless of how old they are.

The government isn’t the only one abusing America’s outdated laws.

Prying eyes are everywhere. Drones with cameras are being used by police and civilians alike to monitor people in their backyards.

Cell phone carriers, Internet service providers, websites and apps can mine all kinds of personal information about their users and sell it to the highest bidder. That’s why users often see ads that mirror the content of their messages.

Many schools and employers now “Google stalk” applicants without their knowledge. A person could be rejected for a job or college because of a scandalous photo a friend posted of him on Facebook years ago — and never know why. To circumvent social media privacy settings, some schools and employers have gone so far as requiring applicants to reveal passwords.

Even Americans who choose to avoid the Internet altogether are not immune from privacy concerns. For example, ZabaSearch is one of many sites that provide details on almost any person, including age, address, assets, relatives’ names and more. This information was publicly available pre-Internet, but technology has made it much easier to quickly dig up information about anyone. That’s made stalking, identity theft and blackmail easier than ever, too.

An online industry has developed around the controversial practice of posting mug shots of local residents who were arrested, including mere jaywalkers and children. While the sites are based entirely on information already publicly available from police, they do not detail who was ultimately convicted of a crime or had charges dropped. Some opportunistic websites charge $400 to remove arrest information, even if a person is innocent.

Unlike people, the Internet never forgets. Thirty years ago, if people did something embarrassing, others eventually forgot about it or at worst, they could change their name and move away. Now, that information lives online forever — unless you live in Europe, where “right to be forgotten” laws allow individuals to request that search engines remove listings for their name.

Upgrading Laws

These problems can be fixed. But don’t count on Congress. Lawmakers blocked a 2012 proposal to prevent employers nationwide from demanding social media passwords. And they haven’t made much progress on legislation first proposed five years ago that would update ECPA.

Meanwhile, the U.S. Supreme Court has been reluctant to address these issues and make broad declarations on how ECPA should be interpreted in the Internet Age. Given that justices admit to being behind the times and not using email, perhaps we shouldn’t hold our breath.

Tired of waiting for the federal government to act, California lawmakers have implemented a series of trailblazing laws protecting digital privacy over the past decade.

For example, the state criminalized publishing identifiable nude photos online without the subject’s permission, banned employers and schools from asking for applicants’ passwords, required police to get a warrant for any online data, prohibited paparazzi from flying drones above private property to record any activity and gave children the right to erase social media posts, among other measures. Many more pieces of legislation aimed at expanding Californians’ digital privacy rights are under consideration.

While all of these new requirements help, the state can’t fully remedy privacy concerns.

“The Internet goes through every state and outside of the country and, if we’re really going to be serious about protecting privacy, we need a national approach to that,” said Ari Rosmarin, an attorney with the American Civil Liberties Union. “State law will have a hard time reaching federal agencies and others that operate out of state.”

Until that happens, Americans will have to choose between new technology and privacy.

Mark Grabowski is a lawyer and teaches communications law at National University in San Diego. This article is reprinted from The Times of San Diego which, along with The Moderate Voice, is a member of the San Diego Online News Association.