Musings

Rethinking Privacy in the Internet Age

If there’s anything the most recent scandal with the NSA raises, it’s the issue of data privacy. Companies have access to the information we store with them, but should the government be able to access that data, and if so, how? How do we protect our rights to privacy without losing the amazing benefits we gain from the services the internet provides? Currently, the best mechanism for keeping information private is encryption, but if I were to upload encrypted information to most websites it would render the services they provide useless. Encryption is simply a stopgap measure until we have proper laws guarding the safe storage of information.

Taking a step back, there are many benefits to providing third parties with our data. Some internet services in fact operate more efficiently based on the sheer volume of data that is able to be analyzed. Gmail, for example, provides both excellent spam filtering and priority inboxing, which help cut down on the amount of time I spend each day processing emails. I don’t want this and many other modern conveniences to go away; they are just too useful to simply be eliminated.

I think the best way to handle this new reality is to create a body of laws that govern personal information on the Internet. We have disparate entities interacting on a medium that is global and owned by no one. Even though the physical data itself might be located in a particular jurisdiction, the information is moved around across the globe on a second-by-second basis. Furthermore, with the advent of the cloud, the physical location where the information is stored becomes increasingly irrelevant as our data can be transferred from one location to another with a click of the button. Why then are we still thinking about the data in the old-fashioned way of where it is stored? It’s counter-intuitive to think about the cloud in one way and govern it in another. The fact that the information has to be physically located on a hard disk is a limitation of the technology, not of the theoretical desire to have our information as accessible as possible.

Therefore, if we stop thinking about users’ data as linked to the physical medium it is stored on and start thinking about it in relation to the users themselves, a whole new notion of these internet-based laws emerges. A user’s data should be thought of as an extension of the user, not a standalone object. This has an interesting consequence for who is served the search warrant for the information. In the new scheme, if the government wanted my data, they would have to serve me the warrant and not the company hosting that data, the same way they have to serve me the warrant if they want to search my home. Another relevant corollary is that according to this new scheme, a foreigner’s data stored on a United States server should be governed by the government of that user and not the United States. Then, if the United States needs to seize that data, they would have to go through the established international legal protocols.

By changing the way we think about users’ data we can more appropriately address the challenges facing the internet in the coming decade. As the dust settles from this recent NSA security breach, we should not focus on whether people have our data, but how they should treat it once they do.
