EFF Discusses the Future of Internet Privacy at UN Internet Governance Forum
EFF recently participated in the UN Internet Governance Forum (IGF) in Vilnius, Lithuania, advocating for the respect of citizens' fundamental rights online. The IGF is an experimental and influential multi-stakeholder policy forum convened by the United Nations Secretary General in 2006, where civil society, industry, the technical community, and decision makers discuss key aspects of Internet governance issues on an equal footing. The informal nature of the IGF is designed to promote the full and frank exchange of ideas on important Internet policy issues without the knock-down-and-dragged-out conflicts that characterize other international fora where recommendations or binding treaties are made. This year, IGF brought together over 1,400 participants from around the world. Videos and transcripts of all the official meetings are now online and make for interesting viewing.
EFF participated in several panels and co-organized a workshop on The Future of Privacy together with the Internet Society. The speakers included representatives from the US Federal Trade Commission, the Spanish Data Protection Authority, the Council of Europe Consultative Committee of Convention 108, Oracle Corporation, the European Data Protection Supervisor, AT&T, Google, the Internet Society, and EFF. All of them expressed their views on existing laws and international frameworks on privacy, and helped to identify some of the challenges and opportunities that lie ahead.
In the workshop, EFF focused on several key areas where governments will be able to play a vital role in protecting their citizens' privacy both now and increasingly so in the future, including setting the right standards for government access to citizens’ private communications and related communications records. Here are a few of the points we highlighted:
• The law should protect the privacy of your data stored for you by a provider in the same way that it protects your data stored by you on your home or in your office. In an age where countless millions are trusting web-based email services such as Microsoft’s Hotmail to store years worth of private correspondence, and cloud services such as Google Docs to store their most private documents, it is time for privacy law to treat online storage as an extension of your own home or office. Privacy law has typically provided strong protections against government intrusion into information that you store offline personally. It should also provide strong safeguards for the data you store for a similar purpose with an online third party provider.
• The law should include better protections for your traffic data. Typically, the contents of communications are strongly protected by privacy law whereas non-content transactional data, traffic data, or “meta-data” is typically given much less protection, even though it can be just as revealing. Monitoring of other data that is arguably transactional and not content -- such as the location of your cell phone, clickstream data revealing the web sites you visit, and search logs indicating what you searched for using Google or another search engine -- is just as invasive as reading your email or listening to your phone calls.
EFF called on government officials to focus their analysis on the invasiveness of the surveillance techniques at issue, rather than deciding the appropriate level of privacy protection based on where the data is stored, or whether it is characterized as content or traffic data. Communications are communications, whether telephone conversations or e-mail messages. The mere fact that Internet communications leave more detailed traces should not entail less privacy protection vis-à-vis governments. We believe that mandatory data retention regimes that compels ISPs and telcos to retain innocent citizens' Internet traffic data should be repealed.
The panel also discussed the revision of the EU Data Protection Directive, the Council of Europe's Privacy Convention 108—the first legally binding international privacy instrument, the harmonization and interoperability of privacy regimes in different countries, as well as the insights of the technical community. The comprehensive report produced jointly by EFF and ISOC contains more detailed information about the workshop participants' presentations and fascinating exchange of views on these subjects.
The IGF has provided a very useful venue for discussing these important global issues with key government and non-governmental stakeholders, but whether it will continue to do so in the future is currently unclear. At the end of this year, the United Nations' General Assembly will decide if it should extend the IGF's initial five-year mandate. The UN Commission on Science and Technology for Development (CSTD) is currently carrying out an open consultation on the ways in which to improve the Internet Governance Forum (IGF). A road map of the future CSTD work on IGF is now posted here. Stay tuned to Deeplinks for news and our thoughts on these breaking developments.