Privacy and Big Data
Proposed Consumer Bill of Rights Act of 2015 (White House, February 27, 2015)
EPIC (Electronic Privacy Information Center) Web Page on Big Data (has links to many further documents)
EPIC Web Page on Electronic Communications Privacy Act (ECPA) (has links to many further resources)
Privacy, Big Data, and the Public Good: Frameworks for Engagement by Julia Lane (Editor), Victoria Stodden (Editor), Stefan Bender (Editor), Helen Nissenbaum (Editor). 2014. Collection of useful articles.
Engaging Privacy and Information Technology in a Digital Age (2007 report by a committee of the National Academy of Sciences)
Report by the Privacy and Civil Liberties Oversight Board to President Obama on NSA's Section 215 Telephone Collection (January, 2014). (The administration did not accept all of their recommendations.)
"Our Privacy, Ourselves in the Age of Technological Intrusions" by Peter Galison and Martha Minow (2005). (Good review of the legal history of the right of privacy.)
U.S. v. Jones Decision (2012). Supreme Court decision that gives insight into how the current court views Fourth Amendment rights. Unanimous decision, but split 5-4 on the reasoning.
What is Big Data? (It's not just "data" that is "big"!)
What are the main current technologies for data mining?
How does data privacy relate to data security?
What are the benefits of big data and of policies that encourage innovation in its collection and use?
What are the most likely scenarios involving some loss of privacy?
What are the most threatening scenarios created by loss of privacy?
What are risks associated with unsanctioned (i.e., "black hat", or by existing repressive governments) uses of big data?
Are some kinds of privacy "just gone" and we should get used to it? Which kinds? Related: Will generational differences prove to be important -- are we solving an "old person" problem for a "young person" world?
Technical realities: What data is necessary for the world we live in (or want)? What can a data holder be expected to know, and not know, about their own data?
What are the limits of anonymization as a protection? What are methods of re-identification, and how successful are they?
Should we regulate collection? How?
Should we regulate the analysis or combining of data? How?
Should we regulate the use of data, either raw or analyzed? How?
Should the consumer have a right to know about all the data collected on them? How would this work, technically?
Is "Notice and Consent" a viable continuing framework?
The "right to be forgotten": Should there be one? If so, how extensive? Who should enforce it and how?
ECPA: What is it? How well has it stood the test of time? How should it be amended now? Any lessons about how to craft legislation in rapidly changing areas of technology?
Should the Obama administration's proposed Consumer Privacy Bill of Rights Act of 2015 be made into law?
What are possible unintended consequences of the CPBR Act of 2015, if enacted?
CPBR uses the phrase "as a practical matter" several times. How would you interpret this if you were the FTC? If you were a company?
How should collection by government entities be regulated differently than collection by private entities?
Perspective of law enforcement, and of the intelligence community, on big data and privacy
What are, or should be, the rights of individuals to collect data on others themselves (e.g., cell phone photos)?
The legal "right to privacy": Does it exist? What is its history?
What is the European perspective on big data and privacy? How is it different from U.S. perspective(s)?
What would happen if Europe went one way and the U.S. went another (the "Balkanized Internet" issue)?
How should we think about balancing privacy with the public good? Example: use of individual medical records for medical research that can save lives.
Should social networking data be treated differently from some other kinds of data (e.g., because one person implicitly supplies data about another, who may not be consenting)?
How important are the distinctions between different kinds of data? Example: PCAST's distinction between "born digital" and "born analog" data, the latter more likely to contain unintended information.