by Daniel J. Solove
After Apple announced that it wouldn’t provide law enforcement with an easy back door to access data on people’s devices, we heard loud whining coming from the FBI and various security proponents that this would be bad for security.
Staunch security proponents cheered when the U.S. Supreme Court failed to apply the Fourth Amendment to many situations, such as when third parties possess people’s data, resulting in instances where there is hardly any restriction on government access. The security proponents pushed for the USA Patriot Act. They lobbied to keep allow for greater searching powers under federal electronic surveillance law.
The won the battle. But they may have lost the war.
Maybe if we had adequate Fourth Amendment and statutory protections of privacy, there wouldn’t be as strong a push for self-help measures to protect privacy. Maybe if the NSA didn’t overreach and abuse its power, there wouldn’t be this backlash.
But instead, we let the NSA run rampant, we didn’t address our inadequate protections against government surveillance, and Congress and the President have not done enough to address the public’s concern. The result: Now government officials might be a lot more limited in their ability to gather data.
There’s a virtue in being well-regulated and balanced – people feel that the situation is under control and there isn’t a build-up of fear and resentment that ultimately manifests itself in measures that may push far in the other direction.
Another case in point: The Family Educational Rights and Privacy Act (FERPA) is a weak outdated law that has failed to protect privacy and data security in schools. When parents learned how many companies were gathering their children’s data from schools and using it in ways they didn’t fully understand, they became angry.
The result: Lots of state laws, including a new California law about the privacy of student data.
Many companies are probably not happy about this because so many different laws are harder to comply with, and some state laws might be too strict and prevent beneficial uses of data.
Maybe if there were a better law on the books than FERPA, the current situation wouldn’t have happened.
If the pendulum swings too far to one side, don’t expect it to stay there or to just drift gently back to the middle. Instead, it might just swing way to the other side.
A common approach to regulation is to push hard against it, to resist it at all costs, even if reasonable or balanced. The mentality is to make things as favorable for your interests as you can. I often see this attitude among companies and the government. Privacy advocates also pursue interests as far as they can push them, as do advocates for other issues too.
On the surface, in in the short term, the impetus to push hard makes sense. Why not be zealous? Why not make things as favorable as possible for your interests?
But keep in mind the pendulum. If the balance is bad, the pendulum will swing. And it often doesn’t just settle in the middle.
The best way to prevent very onerous regulation is not to unleash armies of lobbyists to fight every whisper of regulation but to try to get good regulation in place. Good regulation isn’t necessarily the most favorable to your side, but it is balanced, practical, and establishes a solid compromise position. Pendulums don’t swing from one side to another if they are at rest in the middle.
* * * *
This post was authored by Professor Daniel J. Solove, who through TeachPrivacy develops computer-based privacy training, data security training, HIPAA training, and many other forms of training on privacy and security topics. This post was originally posted on his blog at LinkedIn, where Solove is an “LinkedIn Influencer.” His blog has more than 800,000 followers.
If you are interested in privacy and data security issues, there are many great ways Professor Solove can help you stay informed:
* Professor Solove’s LinkedIn Influencer blog
* Professor Solove’s Twitter Feed
* Professor Solove’s Newsletter
Please join one or more of Professor Solove’s LinkedIn Discussion Groups:
* Privacy and Data Security
* HIPAA Privacy & Security
* Education Privacy and Data Security