February 21, 2013 By Colin Wood
Whenever a new technology emerges that could help police officers or public safety workers do their job more effectively, it's almost inevitable that privacy concerns will arise. And Google, being at the forefront of Internet and technology privacy issues, stated on its blog that it will take a three-pronged approach to technology privacy -- one of which includes how the law currently views much of the content stored online. And this change could affect how officers of the law perform investigations.
Google will uphold its transparency policy and strict request for information process, but the company also stated it would advocate for updating laws such as the U.S. Electronic Communications Privacy Act (ECPA), “so the same protections that apply to your personal documents that you keep in your home also apply to your email and online documents.”
If implemented, this would likely require government investigators to obtain a search warrant when requesting access to old emails and messages stored online -- something the ECPA doesn't currently account for.
While there is a need for balance between the public's rights and the needs of police, said Michael Palladino, president of the NYPD Detectives Endowment Association, he also said he would oppose legislation that would make it more difficult for police officers to investigate crimes and protect innocent people.
“I think we should be exploring ways to protect our people more than exploring ways to prevent law enforcement from getting their job done,” he said.
Changes to existing legislation are likely, Palladino said, adding that technology has been a great boon to police, opening new avenues for investigation where previously leads would have dried up.
“If they want to put legislation in to raise that bar a little bit, I'd have to see what the legislation says," he said. "And if the legislation is unreasonable, we will lobby against it."
While police departments are sometimes criticized for encroaching on personal privacy through the use of technology, they shouldn't be, said Gartner analyst Andrew Walls. “They're using the tools available to get their jobs done,” he said, adding that police officers are following the law.
If the public wants to change how police officers do their job, Walls said legislation should be the mechanism by which change is created. And currently, Walls explained, the ECPA is a hodgepodge of rulings, laws and precedents that doesn't reflect the public's conception of how online privacy should work -- the laws are not keeping pace with technology.
For instance, a password-protected Google (or Yahoo or Hotmail) email account is not protected by privacy laws because the user doesn't possess the physical server that stores his or her information.
“If you have asserted some level of security over it to maintain some level of access control or confidentiality, then there is a perception on the part of the user that they are controlling it -- that they own it, that it is their property to manage and they are simply employing this other agent to act as their repository and the mechanism they use for transport of those messages,” Walls said. “But the law doesn't regard it that way. The law tends to be very technology-specific in terms of hardware.”
Digital privacy laws, Walls argues, should be changed so that technology is ignored to an extent. He recommends shifting the focus to emphasize the actions and perceptions of the user, rather than the specific technologies employed.
For instance, FTP file transfers use network port 20, while IMAP, the protocol that handles email retrieval, uses network port 143 -- and legislators should not be concerned with such specifics, including where cloud-based information is stored, Walls said. They should instead look at what is happening from the user's perspective. “The gray area is created by how the law itself is written,” he said. “I don't think there's a lot of gray area in how society interprets concepts of ownership and concepts of privacy.”
While some would place responsibility on the user and emphasize the concept of a free market to determine which products are used, Walls said that often doesn't work when it comes to technology. "Free markets depend on transparency,” he said. “Transparency is not provided in any of this.”
A company providing a mobile app or service can simply lie to its user base, touting a product as being secure, Walls said, adding that if there's no law requiring the company to provide that security, there is no way for users to know if those promises are being upheld until it's too late. “You cannot make an intelligent, informed decision until something blows up,” he said. “Depending on crisis and catastrophic failures is not a way to drive a market. Transparency is what is required, and the cloud is not known for its transparency, in terms of how things work.”
Emerging technology will find balance eventually, Walls said, and overall Google is doing the right thing by pushing for changes to the ECPA so that everyone will have an accepted set of standards to follow.
You may use or reference this story with attribution and a link to