On Sun, Dec 15, 2002 at 12:22:30PM -0500, Declan McCullagh wrote:
| EPIC is in favor of using technologies to limit the information that
| people disclose. It is in favor of limiting law enforcement
[...]
| But EPIC sharply diverges with some cypherpunks over the question of
| what regulations should be imposed on private entities. It supports --
| may even be the most vocal supporter -- of laws telling you, in Tim's
| words, you must forget someone's previous commercial interactions with
| you past a certain date. It supports broad and intrusive regulations
| aimed at companies' data collection and use practices. It would like
| to establish a European-style (not exactly the same, perhaps, but
| close) "data protection" regime in the U.S., despite all the free
| speech problems we've seen with it in Europe:
I think the issue of data protection vs privacy goes deeper than free
speech. It falls back to Americans being willing to express their
distrust than most Europeans.
American privacy law derives from the 1st and 4th amendments:
Congress shall make no law, be secure in their persons and papers...
However, there is no modern American privacy law which talks about
anonymity, the right to be left alone, or information
self-determination (ironically, a German phrase.) Its all based on
the assumption that privacy law is about "fair" information sharing,
rather than American-style suspicion of information sharing.
I think that a law which re-affirmed the rights to be anonymous, to
call yourself what you will, to be left alone, to not carry or show ID
would transform the debate about privacy into terms in which the issue
could be solved. (At least as it affects private companies.)
Companies would be able to do what they want with your data as long as
you had a meaningful and non-coercive choice about handing it over.
As you point out, this won't solve the issue of coercive government
programs which require ID, or the creeping uses of that data as
authorized by "law."
But the fundamental, underlying issue is that data protection law is
un-American, and all the new that claim to protect privacy (GLB, HIPAA,
DMCA) are really data protection laws. They contain an assumption
that some level of data sharing is "fair" and "necessary." Those
levels are determined by back-room deal making between interest
groups, and the public is rarely represented. (There's a lot of
standard analysis of regulatory capture, public policy making a la
Mancur Olsen, etc that applies here.)
This causes everyone a lot more pain than is really needed.
Adam
--
"It is seldom that liberty of any kind is lost all at once."
-Hume
