Privacy Rights Pertaining to the Developing Cyber World We Live In

I wrote the paper below on privacy rights in the digital era and how the fourth amendment can be applied as such. If you are interested in this topic and want to do further research, there is a podcast channel I follow and like on Spotify. It is called Tech Policy Podcast and they just did an episode on this exact topic. The episode is called #339: Will Tech Swallow the Fourth Amendment.

Introduction

            A large concern expressed by the general public is the right to privacy when dealing with the cyber/online sector. One major factor that influences the privacy rights of people in the cyber realm is our fourth amendment in the United States. In this paper, the focus will be on the fourth amendment, privacy rights and how these pertain to the cyber world of individuals, companies and countries. Some of the points covered in the sections below include: an explanation of the fourth amendment, influential court case pertaining to the fourth amendment, companies right to privacy/ keeping their customers data private, various types of laws concerning cyber privacy, and recommendations on how to improve the grey area of privacy rights within the cyber realm.

Fourth Amendment Defined

In order to discuss the complex topic of privacy rights when it comes to the digital realm, first you need to understand the fourth amendment pertaining to privacy rights. Privacy rights started with the United States Postal Service, its constitutional protection and concealment of mail which is the basis of how to administer telephone and Internet communication privacy (Harper, 2022). Thus leading us to how the fourth amendment is administered knowing that telephone and internet communications cannot be searched without a warrant. The fourth amendment does not directly state the right to privacy but instead prohibits unlawful searches and seizures. This amendment is typically viewed as more narrow rather than general right to privacy. In addition, the amendment states that a person’s body, home and other belongings are protected from unlawful search and seizure. Finally, probable cause is required in order to issue a warrant for a search and seizure (Holt et al., 2017).

Court cases that influenced Fourth Amendment applicability

Of the many court cases that have made major influential impacts in the United States court system, Katz vs. United States in 1967 is most impactful when discussing the fourth amendment. In this case, the United States Supreme Court ruled that Kats had a right to unlawful search and seizure and the reasonable expectation to privacy which were all violated (Nelson et al., 2019). The government had wire tapped the phone booth Katz used to do illegal dealings. In this case, the government stated that the amendment protects people not places thus leading to the reasonable expectation of privacy clause (Wenger, 2021). Katz had a right to believe that while he used the public telephone he had a right to expect privacy, in which the wire tapping infringed on, and the court ruled in favor of him (Holt et al., 2017).

Exceptions to the Fourth Amendment

Many laws fall into the grey area than black and white; this is especially true when it comes to the laws and cases pertaining to the fourth amendment. In the following section, some of the exceptions to the rule are discussed in accordance to the fourth amendment. First is the right to a warrantless search, even if it does infringe on a person’s reasonable expectation of privacy, if it falls within the exception bounds. These bounds consist of a search of someone who has just been arrested in order to see if they have drugs or weapons on them. The second exception is known as the plain view doctrine. This states that if incriminating evidence is in plain view then a warrant is not necessary to obtain the evidence (Harper, 2022). Thirdly, another exception is consent searches, where someone such as a neutral third party gives consent for police to search a potential item containing evidentiary material (U.S. Gov., 2022). There are many other exceptions to the rule but these are just a few to show how complicated the law is and why digital privacy rights can get complicated. In the next section, digital privacy laws and their application to the private and public sectors are discussed.

Privacy in the Public/Civilian sector

A major concern held by many people is whether privacy in a cyber dominant world still exists. The answer is yes, though it seems that privacy and security are merging together as one. This is due to machine learning and big data. Today, one of the biggest threats to our privacy and security of our digital selves is the unintended consequences of those who get our data. Anyone who gets enough information about one person can be a threat to our privacy and security in the digital realm. Some items that can be compromised here are our anonymity, political standings and health details (Burt, 2019).

As stated before, privacy and security of our data is a major concern for everyday people. NIST agrees that this is a major concern considering the development of more IOT (Internet of Things) things and the rise of system breaches leading to personal information being made available on the dark web. These new technologies tend to be addicting and intoxicating leaving us with a blind spot putting us at a huge risk losing our privacy and security. This said we are not only worried about the confidentiality, integrity and availability of data but also that of our personal information that is being processed through many systems. Therefore, to help with these issues NIST created a security and privacy program for personal information and civilians. The first installment of this program occurred in the publication of 800-53, Revision 5 containing standards and safeguards needed to protect systems and personal privacy (Ross, 2017).

Privacy in the Corporate/Business sector

In the previous section, Andrew Burt’s article was discussed with relevance to privacy for civilians but in this section his article is discussed with relevance to corporations and businesses. Privacy impacts in the cyber realm will begin to have an impact on businesses bottom lines and thus leading government’s around the world to react with new privacy legislations. Privacy and security concerns within corporations are leading to the convergence of legal and technical personnel. There is no longer a separation between these two departments but instead the legal/privacy personnel have to be tech savvy and the tech savvy personnel have to become more knowledgeable about privacy and legal matters. Thus leading to a new thought process about privacy, it is best described now as our ability to control data we cannot stop generating (Burt, 2019). 

Another example to show that privacy in the digital realm is a concern for corporations is the Airbnb case from New York City. Here Airbnb applied the fourth amendment to their case, stating that New York was infringing on the fourth amendment rights of companies rather than customers by having them turn over customer data on a monthly basis. Therefore Airbnb raised a case against New York City stating that this could cause irreparable harm to customers and violated the fourth amendment. This then lead the courts to grant a preliminary injunction, halting application of the local law (Kessler & Ross, 2019).

Finally, NIST has created a framework and Special Publication 800-37 to help corporations and businesses protect their data. The framework helps to facilitate better communication between senior leaders and executives at enterprise level. It also helps facilitate organization wide tailored security and privacy control baselines. Lastly, the RMF 2.0 consolidation of security and privacy guidelines helps organizations to strengthen their foundational security/privacy programs leading to greater control implementation, collaboration and provide more appropriate level of security to systems in the company (Ross, 2017).

Privacy laws at State level (United States)

This section of the paper discusses policies created within the last three years in the United States pertaining to privacy of businesses and how they can handle or use people’s data. The first law is from California called the California Consumer Privacy Act, the legislation provisions grant a consumer the right to request a business disclose the categories and pieces of personal information that it collects about the consumer. This includes the categories of sources that information is collected, business purpose behind selling that data and the categories of 3^rd parties the information is shared (De La Torre, 2018). The second act is called the California Privacy Rights Act and states that a consumer privacy agency be created and responsible for privacy law violations, instead of the attorney general (Brumfield, 2020). The third law was passed in Nevada, Nevada Senate Bill 220 Online Privacy Law, requiring businesses to offer consumers an opt-out in regards the sale of their personal information. This Bill does have some exceptions, if you would like to read further up on it (Liquid Technology, n.d. and Brumfield, 2020). Finally, Maine’s governor signed a bill to protect the privacy of online consumer information, specifically barring broadband internet access providers from using or selling access to customer personal information unless the consumer consents to it (Brumfield, 2020). There are some exceptions to this law as well.

Privacy laws at Federal level (United States)

Overall, the United States tends to be lacking in the Federal policy department when it comes to privacy in the internet and digital world. The policies that they do have in place right now will be discussed here. First is the Privacy Act from 1974, enacted to govern the use, collection and dissemination of personal identifiable information about individuals (Bushkin & Schaen, 1976). This act was created in response to creation of computerized databases that might house PII and impact an individual’s privacy rights. Another act that has taken on a new meaning in the digital realm is HIPPA. HIPPA was signed into law to modernize the flow of healthcare information. It has become a key policy in the digital realm since a lot of healthcare programs are going digital. The ultimate goal of HIPPA is to protect the confidentiality and integrity of PII held by healthcare providers about their patients (Welekwe, 2021).

Privacy laws at International level (examples from other countries)

Finally, let us take a look at what privacy means in other countries and if they even have privacy laws in place. The first country examined was India; they do not include a right to privacy in their constitution. Although after the emergence of cyberspace transactions India enacted an Information Technology Act in 2000 that deals with cybercrimes and electronic transactions (Sharma & Alam, 2016).  This Act was later amended in 2008, in turn focusing on data privacy, information security, inclusion of more cybercrimes and so much more (Rana, 2014). Another country with different cyber laws from the U.S. is EU’s legislative articles 16, 17 and 19. These European articles protect the confidentiality of personal data, mandate protective measures taken to protect personal data from accidental/unlawful destruction and restrictions on the freedom of expression online (Sharma & Alam, 2016).  Lastly, the UK has implemented the Data Protection Act and Privacy and Electronic Communications Regulations acts to protect the areas of information security and cybercrime prevention. Then adding a cybercrime law in 2011 (Rana, 2014).

Improvements on how to maintain cyber privacy rights and laws

In conclusion, there are still a lot of grey areas within the fourth amendment in the U.S. and privacy laws in other countries. It is hard to enact privacy and cyber security at the same time. There will need to be some compromise on both ends of the law, some by the civilians and some by the law makers. Lastly, there needs to be more education for police on how to handle cybercrime while still offering privacy. Overall, it is going to take more countries working together, better training for police officers, educating the public on cyber protection tools and creating clearer guidelines within the laws and legislations (Sharma & Alam, 2016).

References

Bill Nelson & Amelia Phillips & Chris Steuart. (2019). Guide To Computer Forensics And Investigations (6^th ed). Cengage.

Brumfield, C. (2020, December 28). 12 new state privacy and security laws explained: Is your business ready?. CSO Online. 12 new state privacy and security laws explained: Is your business ready? | CSO Online

Burt, A. (2019, January 03). Privacy and Cybersecurity are Converging. Harvard Business Review. Privacy and Cybersecurity Are Converging. Here’s Why That Matters for People and for Companies. (hbr.org)

Bushkin, A.A., & Shaen, S.I. (1976). Privacy Act of 1974 – A Reference Manual for Compliance. U.S. Department of Justice Office of Justice Programs, 197, 20-180.

De La Torre, L.F. (2018). A Guide to the California Consumer Privacy Act of 2018. Santa Clara University, 4-17.

Harper, J. (n.d.). Administering the Fourth Amendment in the Digital Age. National Constitution Center. Fourth Amendment in the Digital Age – National Constitution Center

Liquid Technology. (n.d.). Data Security Law by State. Liquid Security, Data Security Law by State (liquidtechnology.net)

 Kessler,D., & Ross, S. (2019, February 13). Companies’ Right to Privacy.  Norton Rose Fulbright: Data Protection Report. Companies’ right to privacy | Data Protection Report

Rana, M. (2014, August 07 ). Crimes in Cyberspace: Right to Privacy and Other Issues.  Academike: Articles on Legal Issues. Crimes in Cyberspace: Right to Privacy and Other Issues – Academike (lawctopus.com)

Ross, R. (2017, September 28).  Why Security and Privacy Matter in a Digital World. NIST: National Institute of Standards and Technology. Why Security and Privacy Matter in a Digital World | NIST

Sharma, I., & Alam, M. A. (2016). Privacy and freedom issues in cyberspace with reference to cyber law. International Journal of Computer Applications, 145(3), 11-18.

Thomas J. Holt & Adam M. Bossler & Kathryn C. Seigfried-Spellar. (2017). Cybercrime and Digital Forensics An Introduction (2^nd ed.). Routledge.  

U.S. Government. (n.d.). Fourth Amendment Search and Seizure. Constitution Annotated. Fourth Amendment | Browse | Constitution Annotated | Congress.gov | Library of Congress

Welekwe, A. (202, July 18). A Guide to the Federal and State Data Privacy Laws in the U.S. Comparitech. A Guide to the Federal and State Data Privacy Laws in the U.S (comparitech.com)

Wenger, K.L.(2021). “Protecting People Not Places”: How Katz V. United States Restructured the Fourth Amendment. ProQuest,45-69.