My last post was about how we’re steadily moving towards consumer online privacy regulations over the collection and use of personal online data by businesses. At the same time, however, we’re seeing the US government relentlessly expanding their efforts to monitor people online – and in ways that may completely negate any efforts to regulate the privacy practices of businesses.
It is the fear over cyberterrorism (a term you can’t expect the average person to understand) that is driving many to cede their privacy rights to the government. There are two competing cybersecurity bills working their way through Congress: the Cybersecurity Act of 2012 and the Secure IT Act. They differ fundamentally in areas of jurisdiction (the NSA versus the DHS) and whether the voluntary approach promoting and fostering public-private collaboration is sufficient, or a whether a regulatory approach is also required. But what they have in common is the aggregation and analysis of data on unprecedented scales.
In the background to all this, the Obama administration has just expanded the ability of the National Counterterrorism Center (NCTC) to retain data on people for five years (previously, it was 6 months) – even if they are not suspected of terrorist activity. The NCTC receives data from many other agencies.
So at the same time one side of the US government (the consumer protection side) is restricting what personal data businesses can collect, another side (the cybersecurity side) is moving not only to expand its own access to and control over personal data, but also to enlist in its efforts those very same businesses whose data collection efforts the FTC is otherwise trying to restrain: ISPs and mobile carriers, search engine and web portal companies, social media companies, etc. This opens a very wide door to abuse of any consumer privacy efforts currently underway with the FTC.