Tech Talks Kick off With U.S./ E.U. Surveillance Law Battle

Tech Talks Kick Off with the Surveillance Law Battle Between the U.S. and Europe.

By Janice Weber

          Cardozo Law Tech Talks opened with a panel discussion of global surveillance law, data collection and retention, and privacy policy as they play out, often in very different ways, in the U.S., Europe, and the E.U. Front and center: technology and how it has reprogrammed our very notion of privacy.  “The Benjamin N. Cardozo School of Law has long been at the forefront of both business law and intellectual property and information law,” said Dean Matthew Diller in introducing the first Cardozo Law Tech Talks, on Tuesday October 7^th in the Jacob Burns Moot Court Room. “Technology is transforming how law is practiced and businesses operate, and raising a whole new set of legal issues that we have never before confronted, requiring attorneys with a global perspective and a deep understanding of technology.”

Or as one of panelists, Former U.S. Attorney Joseph DeMarco put it, "In addition to the difficult questions and fundmentally philosophical reasons we are engaging in this debate, there's a joker in the deck... and that's technology."

          Focused on the nexus of law, business, and technology, the school places a premium on the study and discussion of the issues emerging from this vital connection. Tech Talks is an ongoing series that brings together a broad range of experts—attorneys, academics, government officials, business leaders—to share their real-world experience and ideas, and to discuss—and debate—the impact of technology on today’s ever-changing legal ecosystem.

           Surveillance and the attendant issues of privacy have a long history. An eavesdropper, a pejorative first used in the 17^th century, stood by the window of someone’s home, under the dripping eaves, to secretly listen in on a conversation—a breach of privacy as abhorrent then as it is some 300 years later. Today, with the emergence of smart technology and the Internet Age, our highly valued, democratic ideal of a “reasonable expectation of privacy” has changed What happened to alter privacy policy between the Wire Tap Act of 1968, designed to prevent unauthorized, warrantless government access to private telephone calls and the post-9/11 Patriot Act? How is it that we now live in a world so open and connected we have “friends” across the globe, yet are subject to powerful electronic surveillance via the Foreign Intelligence Surveillance Court (secret) and the National Security Agency (largely secret until revealed by Edward Snowden and WikiLeaks). As one-on-one conversation morphs into zeros and ones; personal information becomes impersonal data, free for the taking; as data becomes a commodity bought and sold by government, business, and a host of traders of information whose purpose and use of that information is hidden from us, Tech Talk panelists took on the difficult questions that technology brings to the legal debate.

            In talking about privacy, security, or surveillance law in the U.S. today, we have to be specific about what we’re talking about, cautioned attorney Joseph DeMarco, former U.S. attorney now in private practice, and a leading expert on Internet crime and the law relating to emerging technologies. There are three big buckets of privacy law, each with interesting questions attached to them: Are we talking about the government getting information about us? Are we talking about information from us that we give to the government? Or, are we talking about third parties that we freely or unwittingly give that information over to? “The tensions in litigation regarding phone records, emails, and other communication really come down to whether you believe that the information stored by you through a 3^rd party provider is within your expectations of privacy or not.”

            As for the larger, philosophical view of privacy law, DeMarco said, “The mere fact of collection hurts the ecosystem, it hurts civil liberties. So even as a former government official and someone who is generally in the middle in these debates, I believe strongly we should care that there is a harm, something that we can trace back to the Magna Carta—it’s our civil liberties.”

          “There are distinct differences between U.S. and European surveillance law,” according to Swiss attorney, Sylvain Métille, who specializes in privacy and data protection, surveillance, advanced technologies, and European Court of Justice policy. For example, “in Switzerland, the authorities cannot do any monitoring that infringes on the right to privacy unless the Parliament passes specific laws allowing the state to do so.” In contrast, “the police in the U.S can do whatever they want as long as the Congress does not establish a specific prohibition.” In general, the focus of European surveillance law is on collection, and in particular, limiting retention of information—how much information can be held, for how long, for what purpose, and under whose aegis.

            In 2006, the European Court of Justice came out with a significant directive with broad surveillance implications. Arguing that these rules were necessary for authorities to investigate and prosecute organized crime and terrorism, the ECJ directive freed service and network providers from legal liability in order for them to retain data “for the prevention, investigation, detection and prosecution of criminal offences.” In April of 2014, the Directive was voided and the former view of data collection restored: “You cannot collect data on an unsuspecting person with the intent, or possibility, of using it later.” Métille said. “The collection, retention, and transfer of data—each constitutes an infringement on privacy and needs to be justified as such.” In other words, “in accordance with the law and consistent with a democratic society, privacy is a constitutional right, accorded to all citizens.”

            In comparing U.S. privacy policy with that of the E.U. and Switzerland, Felix Wu, Associate Professor of Law, Cardozo School of Law, and Faculty Director of the Cardozo Data Law Initiative, pointed to the many different “policy levers” used to determine the scope and nature of any given surveillance law, here and abroad. For example, international policy generally differs with U.S policy in a number of key ways: the collection of content versus metadata; the bulk collection of telephone records without warrant versus the more targeted collection policy requiring a warrant before surveillance can take place; the long term retention of data until it is sorted out and a use found, as favored by the NSA, versus limited retention of data favored by the ECJ. And then, there are the decision-makers who determine policy based on their particular agendas. “Decisions about the legality of any given activity are being made by corporate executives, by those trying to prosecute crime, by intelligence agencies such as the NSA, and judicial authorities like the European Court of Justice,” says Wu. The resulting multiplicity of laws raises the question: can a consensus be reached across so many cultures and boundaries about how to design privacy policy that meets the standards of all of the stakeholders?

            Professor Wu also referred to traditional 4^th Amendment law. “Why is it that we set up the home as the kind of sphere that the government is not supposed to intrude upon?” he asked. “Why is the home so important?” The home provides a place of repose, a private sphere in which to retreat, to have certain experiences without intrusion, free from the chilling effects of outside interference. “Just the fact that we have all of these search results aggregated and collected can be problematic. It makes it harder for people to investigate things, to find out things in the world, and that seems to be a distinct kind of harm, and something that happens as long as the act of collection is going on, whether it’s a government party or a private party.”

            In the post-Snowden era, the more the government uses technology to mine personal information, the more people use readily available, more sophisticated technology to hide their personal data behind an impenetrable wall of encryption. The latest iPhone comes armed with default encryption capability using code that is nearly unbreakable “And so we have incompatibility,” said Wu.“  On one hand, people want the right to hide these facts; on the other, the government wants to get the facts for a multitude of reasons.” said Prof. Wu. The result is “a kind of information paradox, a straining to hide and to uncover, not a great way to think about how to design fair and legal privacy protection systems going forward.”  

            “While we are rightly concerned about government surveillance,” said DeMarco, “we should also be concerned about that surveillance that we ourselves bring into our homes.” With the explosion of the ‘internet of things,’ data collecting devices become “part of the family: our refrigerator communicates with Fresh Direct so that the milk arrives on time, our dishwasher, our louvered blinds, our entertainment systems, make life easier while continually communicating with us by our smart phones, using intermediary providers who are also storing data all along. Just don’t ask too many questions about where I’m going to keep that information for how long, or what I’m going to do with it.”   

“Just wait for the robots,” says Demarco, “but that’s another story.”

_____________________

Moderated by Nathan Wessler, staff attorney with the ACLU's Speech, Privacy, and Technology Project, handling cases involving both free speech and privacy issues, the panel included:

Joseph V. DeMarco, partner at DeVore & DeMarco LLP, where he specializes in information privacy and security, theft of intellectual property, computer intrusions, on-line fraud, and the lawful use of new technology. His previous experience in private practice and as a U.S. Attorney handling cybercrime investigations has made him a leading expert on Internet crime and the law relating to emerging technologies.

Sylvain Métille, Head of Technology and Privacy, BCCC Attorneys-at-law, Geneva, Switzerland, specializing in privacy and data protection, surveillance, advanced and emerging technologies, and European Court of Justice laws regarding data collection and retention.

Felix Wu, Associate Professor of Law, Benjamin N. Cardozo School of Law, and Faculty Director of the Cardozo Data Law Initiative, where he combines his expertise in theoretical computer science with information law scholarship, which spans freedom of speech, privacy law, and intellectual property.