Christopher Soghoian, An End to Privacy Theater: Exposing and Discouraging Corporate Disclosure of User Data to the Government

By privacylaw | Posted on

Christopher Soghoian, An End to Privacy Theater: Exposing and Discouraging Corporate Disclosure of User Data to the Government

Comment by: Paul Ohm

PLSC 2010

Published version available here: http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1656494

Workshop draft abstract

Today, when consumers evaluate potential mobile phone carriers – they are likely to consider several differentiating factors: The available handsets, the cost of service, and the firm’s reputation for network quality and customer service. The carriers’ divergent approaches to privacy, and their policies regarding government access to customers’ private data, are not considered in the purchasing process – perhaps because it is practically impossible for consumers to discover this information when they are choosing their carrier.

The differences in the privacy practices of the major players in the telecommunications and Internet applications market are quite significant – some firms retain identifying data for years, while others retain no data at all. For a mobile phone user investigated by the government, this difference in logging practices can significantly impact their freedom.

A naïve reader might simply assume that the law gives companies very little wiggle room – when they are required to provide data, they must do so. However, this is not the case. Companies have a huge amount of flexibility in the way they design their networks, in the amount of data they retain by default, the exigent circumstances in which they share data without a court order, and the degree to which they fight unreasonable requests.

This article will outline the numerous ways in which telecommunications carriers and Internet services currently assist the government, providing easy access to their customers’ private communications and documents. Relying on several case studies, this article will analyze the specific product design decisions that firms can make that either protect their customers’ private data by default, or make it trivial for the government to engage in large scale surveillance. This article will also examine the flow of money between the government and carriers, who are statutorily permitted to demand reasonable compensation for their assistance, and will discuss the public policy advantages of surveillance as either a corporate profit center or a corporate tax.

Overall, this article will attempt to deliver some degree of transparency which is currently missing from the privacy market, and will outline a path to an eventual scenario in which consumers evaluate privacy approaches in advance, and firms can effectively compete for consumers on their willingness to disclose data to the government. Such a degree of transparency will permit the market to punish (or potentially reward) firms that put the governments’ needs first.