The Obama administration has been making efforts to show it is serious about personal privacy, even as the revelations over domestic surveillance exposed by Edward Snowden remain fairly fresh memories.
The latest result is a new document, the National Privacy Research Strategy, which outlines a set of goals and priorities pertaining to federally funded privacy research. Here's a summary of its contents from the Obama administration's official announcement.
Research agencies across government participated in the development of the strategy, reviewing existing Federal research activities in privacy-enhancing technologies, soliciting inputs from the private sector, and identifying priorities for privacy research funded by the Federal Government.
The National Privacy Research Strategy calls for research along a continuum of challenges, from how people understand privacy in different situations and how their privacy needs can be formally specified, to how these needs can be addressed, to how to mitigate and remediate the effects when privacy expectations are violated. This strategy proposes the following priorities for privacy research:
Foster a multidisciplinary approach to privacy research and solutions;
Understand and measure privacy desires and impacts;
Develop system design methods that incorporate privacy desires, requirements, and controls;
Increase transparency of data collection, sharing, use, and retention;
Assure that information flows and use are consistent with privacy rules;
Develop approaches for remediation and recovery; and
Reduce privacy risks of analytical algorithms.
Following the release of this strategy, we are also launching a Federal Privacy R&D Interagency Working Group, which will lead the coordination of the Federal Government’s privacy research efforts.
A Missed Opportunity
The full document runs more than 30 closely-spaced pages of text and at a glance, seems like a serious piece of work. But it doesn't go nearly far enough, according to Constellation Research VP and principal analyst Steve Wilson, who reviewed the document closely.
"The research strategy shows no sign of reviewing, let alone challenging the prevailing privacy philosophy of the US," says Wilson, who leads Constellation's research into privacy and security matters. "In Constellation's vew, the US is increasingly marginalized in worldwide privacy. It is one of two major world economies to have not yet legislated broad-based data protection laws, the other being China.
"There is an increasing schism between the US and Europe over privacy and trans-border flows of personal data," Wilson adds. "US businesses continue to be needlessly caught by surprise by EU rulings like The Right to be Forgotten, the overturning of Safe Harbour, and the awkward re-negotiation of the replacement “Privacy Shield," which is in its third iteration in six months and is still not ratified by the court."
Much more research is required into the American standard view of privacy, on topics such as the relationship between digital innovation, entrepreneurship and information flow, or the limits on business models based on surveillance, Wilson says.
Some Bright Spots
That's not to say the strategy document is a complete failure. Indeed, as a proposed policy sheet, it raises some strong points, Wilson says, pointing to statements such as this:
[P]rivacy concerns the proper and responsible collection, creation, use, processing, sharing, transfer, disclosure, storage, security, retention, and disposal of information about people. This includes decisions by entities about when not to collect, not to create, not to transfer and not to permit certain uses of information to protect legitimate privacy interests.
"The emphasis on restraint is admirable," Wilson says. "I note too that 'creation' is a very worthy inclusion. Few researchers have yet to explicitly recognize that any process which creates personal data has also collected it, and it's therefore subject to regular privacy rules."
In addition, the document takes a strong stand on transparency, Wilson notes:
[T]here has been insufficient effort to develop means to increase consumer awareness and understanding of today’s systems, business practices, and information flows. Greater understanding regarding specific business models, the tools available to individuals to control the collection and use of their data, and the benefits and privacy implications of various data uses would alleviate much of the existing information disparity between people and data collectors/users.
"My research suggests that it is vital that we better understand the mental models people have of how information flows online," Wilson says. "It is held by many digital business people that consumers are savvy in this regard, that people appreciate how there is a trade in personal data for services. But there is doubt in my mind that consumers really understand this. Self-regulation and notice-and-choice approaches to privacy are fundamentally premised on consumers being informed and able to properly exercise choice. What if the personal data trade is distorted by a lack of understanding of how information flows?"
An Uncertain Path from Proposals to Policies
In any case, it remains to be seen how much if any of the strategy's proposals are adopted and funded, particularly with a looming presidential election and incoming administration that may have other priorities higher on the list.
Presumptive Democratic nominee Hillary Clinton is certainly an advocate of personal privacy, considering the controversial saga over her use of a personal e-mail server (Clinton will not be charged with any crimes, it was announced this week). But there's no telling whether Clinton's personal desire for privacy will manifest itself in national policy proposals, should she be elected.
Meanwhile, it's far from clear whether privacy would be a priority for presumptive Republican nominee Donald Trump, who has said he'd "err on the side of security" and would support the resumption of bulk phone metadata collection by the National Security Agency.
24/7 Access to Constellation Insights
If you’d like unrestricted access to Constellation Insights, consider joining the Constellation Executive Network for analyst advice and analyses that you can use.