What's Current in Privacy?

The last two blogs were about what should be done. This one is about some progressive initiatives. In terms of national policy, the Snowden disclosures have re-opened an important conversation about electronic surveillance laws.  We are all in charge of keeping that conversation going to the very least conclusion of updating privacy laws such as the Family Education Rights Privacy Act, Computer Fraud and Abuse Act of 1986; the Electronic Communications Privacy Act also of 1986; the U.S.A.-Patriot Act of 2001 and the Foreign Intelligence Surveillance Act, originally of 1978, updated in 2008, but evidently in need of further revision to balance civil rights and national security.    Under the heading of consumer privacy, President Obama commissioned a study a couple of years ago that compiled a consumer Bill of Rights.  Recently, he pushed the issue further by asking John Podesta to explore more carefully “big data” consumer issues. One need go no further than Dan Solove’s groundbreaking book Digital Person published in 2006 on this subject.  Oh, and while one is reading through Dan’s oeuvre, take a look at a new law review article he has published recently, “The F.T.C. and the New Common Law of Privacy.” The title speaks for its thesis, but read the article for details.  As always, Dan is right on the mark of the most contemporary developments in this area.

Privacy issues in education have been focused on K-12.  Naturally, we care about our children, given their vulnerability, and as parents and teachers, our responsibility to watch over their physical safety, emotional and intellectual development. The Child On-Line Privacy Protection Act also offers the public a legal hook to hang concerns, of late especially, about how most common applications ignore the basic rule that use by a person under 13 requires parental permission.  This law joins the list of those in need of revision, if for no other reason that technology has outstripped its applicable effectiveness. Joel Reindenberg’s work out of Fordham’s Law School on Public School use of cloud services breaks the ground in the enterprise area of these concerns and is a warning bell in the night for higher education as well.   An overview of that study has links to press reports as well as the research work.  http://law.fordham.edu/newsroom/32158.htm

SafeGov has for a few years now become a resource for research, information and thought leadership in this broad area of education and privacy.  There is much to be found on their entire site, but allow me to draw attention to a recent, important addition in the vein of Joel’s research: the launching of their portal aptly named: “Students Are Not Products.”  Parents will want to look into for their children, but there is no reason for higher education to believe itself above the message, especially not with the Google gmail litigation as an on-going issue.  Here is today’s report on it, but be sure to update your search every day because it is a moving target (and grist for a future blog J).

EDUCAUSE’s Higher Education Privacy Officer Working Group has been putting out some excellent blogs, resources and other materials in this area in observance of Data Privacy Month. Take a peek. And do not fail to notice the over 50 colleges and universities that are actively engaging in speakers and other events recognizing this past month’s theme.  Only about 3,950 to go!  Is your institution on the list?

Ken Klingenstein, long a leader in the praxis of pioneering ideas and technologies (think: InCommon and Shibboleth, together with the late and beloved R.L. Bob Morgan) for higher education is the principal investigator for Internet2’s National Strategies for Trusted Identities in Cyberspace (“NSTIC”) grant.  Ken and R.L. Bob developed federated identity with a long-term vision to preserve privacy; Ken’s work with NSTIC continues on the path to fulfill that visions.   Among the projects under this grant is Lifestyles of the Attribute Rich and Privacy Preserved (or “LARPP, and disclosure: I am on payroll of this project as its Community Engagement Facilitator).  Only Ken could come up with such a creative name, but only Ken could lead the charge to have computer scientists come up with “Privacy Manager” software that gives real, technical meaning to informed consent on the part of the user in the release of attributes relative to personally identifiable information in authentication.  A pilot group of 12 institutions will implement this software and socialize it around campuses before a broader release in higher education.  Watch for news about its development and wait for it to come to a school near you. Institutions that tout themselves as “international” should be especially eager to adopt it as a means of harmonizing the privacy practices of developed countries and the strange, sectoral patchwork of U.S. privacy laws and safe harbors.

Sensing that you need to know more about the significance of privacy in higher education?  Again, disclosure, but I could not imagine a better one-stop shop that to attend the Higher Education Privacy Forum that Dan and I are hosting at George Washington Law School on May 8, 2014.  When you review the schedule, do not miss the speakers: Fred Schneider, Computer Science, Cornell University and internationally recognize expert on network security … because he has always incorporate policy in general and privacy in particular into his research.  Harry Lewis is also a CS professor, from Harvard and has written a book, Blown to Bits, that was prescient and therefore remains relevant.   He might also tell us more about the resolution of the email controversy at the Big H.  Dan will talk about NSA and the Snowden disclosures.  And finally, up and coming as a speaker and most definitely as an issue is the privacy and security of research data and computing.  Bill Barnett.  By the way, the event is FREE!  No registration expense, just get there or be square!  More information here.