Steven Greenhut wrote this column in Sunday's Union Tribune: http://www.utsandiego.com/news/2013/oct/18/data-mining-dystopian-future-government/ about how we are moving towards a future where all privacy will be eliminated. The Government will be monitoring all of us all of the time using powerful software mining government and private corporation's databases.
With the revelations by Eric Snowden, Americans are now realizing that the Government has been exploiting databases of corporations that we all thought were kept private. It is possible that there were some serious breaches of basic rules of privacy by those agencies. However it is also possible that employees of those companies or agencies who own the databases may have also violated reasonable rules of privacy. To prevent the possibility of a terrible "dystopian" future.I believe the US needs to establish some sort of controls over these databases. If the US takes the lead at doing this, I believe that other countries will also follow our example and establish similar systems.
A control system for managing all "personal" databases that might need to be another "branch" of the Government, like the Federal Reserve, or it could be part of National Archives and Records Administration (NARA). For the purposes of this Blog, I'll assume it is NARA. Federal legislation will be required to establish the NARA authority over all databases. .
All databases that are over a certain size (say 10,000 humans, cars, boats, planes, photos, phone calls etc) or that contain people or images that cross state lines will be controlled. I believe this would be determined as constitutional and there are legal precedents established in other interstate commerce cases.
Databases can include: Google and other search engine's collection of an individual's searches, email of individuals and organizations, photo collections, surveillance photos, and videos, airline customer databases, telephone call metadata, property tax roles, vehicle registrations for cars, boats, aircraft, contractor licenses, school records of students, arrest records, medical records, insurance claims, face recognition files etc. ,
Data bases will be registered with the agency to include description of data, purpose, owner, and how long it is kept., Registration acceptance by NARA will serve as a "license" to maintain the database
Owner of database will identify security and privacy controls on the database and will be subject to minimum standards established by the agency. Those controls will most likely differ depending upon the sensitivity of the database. Owner will define the number of copies of the database, and how it is protected for disaster, as well as how it is protected from attack or theft.
Owner of the database will maintain a price list for access and establish a process for approving access or for provide data when requested. The price list and process to be used will require some sort of review or approval by NARA.
Legitimate users of these databases will also be required to register with NARA and renew their registration on a periodic basis -- such as annually. Businesses and agencies who wish to use those databases will register, but also the individuals within those organizations will be required to be trained, licensed and required to take continuing education to be eligible for renewal of their license. Users of some databases may be required to take an "oath of office"
Citizens using FOIA process should be able to obtain information about the databases, and about the licensed users of the database. However average citizens will not have access to those private databases unless there is a crime, a judge's order, etc.
Some data may be "bought and sold" freely and accessed by anyone able to pay for the data. Other, more sensitive data may require a subpoena and a judge to approve the request. The NARA function will be to codify the requirements for each type of data and the processes to be used.
NARA may require some data to be kept longer than the owner of the database plans to keep it. NARA may also require some types of data to be deleted sooner than an owner may want to -- depending upon the sensitivity of the data and the possible future need of people to access the data. NARA may also desire to capture certain databases for "historical record" purposes. In that situation, NARA would be required to pay or contract to obtain or save those data.
With the revelations by Eric Snowden, Americans are now realizing that the Government has been exploiting databases of corporations that we all thought were kept private. It is possible that there were some serious breaches of basic rules of privacy by those agencies. However it is also possible that employees of those companies or agencies who own the databases may have also violated reasonable rules of privacy. To prevent the possibility of a terrible "dystopian" future.I believe the US needs to establish some sort of controls over these databases. If the US takes the lead at doing this, I believe that other countries will also follow our example and establish similar systems.
A control system for managing all "personal" databases that might need to be another "branch" of the Government, like the Federal Reserve, or it could be part of National Archives and Records Administration (NARA). For the purposes of this Blog, I'll assume it is NARA. Federal legislation will be required to establish the NARA authority over all databases. .
All databases that are over a certain size (say 10,000 humans, cars, boats, planes, photos, phone calls etc) or that contain people or images that cross state lines will be controlled. I believe this would be determined as constitutional and there are legal precedents established in other interstate commerce cases.
Databases can include: Google and other search engine's collection of an individual's searches, email of individuals and organizations, photo collections, surveillance photos, and videos, airline customer databases, telephone call metadata, property tax roles, vehicle registrations for cars, boats, aircraft, contractor licenses, school records of students, arrest records, medical records, insurance claims, face recognition files etc. ,
Data bases will be registered with the agency to include description of data, purpose, owner, and how long it is kept., Registration acceptance by NARA will serve as a "license" to maintain the database
Owner of database will identify security and privacy controls on the database and will be subject to minimum standards established by the agency. Those controls will most likely differ depending upon the sensitivity of the database. Owner will define the number of copies of the database, and how it is protected for disaster, as well as how it is protected from attack or theft.
Owner of the database will maintain a price list for access and establish a process for approving access or for provide data when requested. The price list and process to be used will require some sort of review or approval by NARA.
Legitimate users of these databases will also be required to register with NARA and renew their registration on a periodic basis -- such as annually. Businesses and agencies who wish to use those databases will register, but also the individuals within those organizations will be required to be trained, licensed and required to take continuing education to be eligible for renewal of their license. Users of some databases may be required to take an "oath of office"
Citizens using FOIA process should be able to obtain information about the databases, and about the licensed users of the database. However average citizens will not have access to those private databases unless there is a crime, a judge's order, etc.
Some data may be "bought and sold" freely and accessed by anyone able to pay for the data. Other, more sensitive data may require a subpoena and a judge to approve the request. The NARA function will be to codify the requirements for each type of data and the processes to be used.
NARA may require some data to be kept longer than the owner of the database plans to keep it. NARA may also require some types of data to be deleted sooner than an owner may want to -- depending upon the sensitivity of the data and the possible future need of people to access the data. NARA may also desire to capture certain databases for "historical record" purposes. In that situation, NARA would be required to pay or contract to obtain or save those data.
No comments:
Post a Comment