I read Privacy and Big Data by Craig and Ludloff towards the end of 2013. The first chapter is called “The Perfect Storm”. The book lists a number of consumer and corporate computing trends, from Google’s search solution and their clustered file systems to the consumer adoption of cloud storage and the realisation of parallel computing models. There is no question that data is growing at an explosive rate and that new computational models are being developed to use these new volumes of data in timescales appropriate to the human. These new models are of interest to both the new internet companies and to Governments, yet because of both social media and the distributed nature of modern computing, they raise questions of privacy.
The book suggests that privacy is multi-layered and, although on the whole exceptionally well referenced, fails to point at the theory and academic papers which substantiate this. It also states that there is a global dichotomy between the US, which defines privacy as the right to be left alone, and the European view based on honour and dignity. The book repeats the UN Declaration of Human Rights on Privacy, which it sees as the start point for the European point of view.
“No one shall be subject to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation. Everyone has the right to protection of the law against such interferences or attacks.”
In defining privacy rights, culture is paramount and local, while the internet is global. This raises the question of borders, jurisdiction and legal ideology, by which I mean issues such as those explored above. This is complicated by the differing legal hierarchies in place around the world; for instance, in the US, a US statute, the Patriot Act, trumps the US/EU Safe Harbour treaties, which is a bit odd because in Europe, the EU treaties and European Convention on Human Rights require member states to share sovereignty with the other supra-national organisations’ members.
The chapter on the Regulators explores the differing approaches in the US, where specific domains have specific regulators, arguing that the FTC, FCC and Department of Commerce are general purpose regulators with specific domains, supplemented by organisations such as the SEC and the Department of Health and Human Services. In Europe, as the privacy laws have got there first, there are generally privacy regulators; in the UK, the Information Commissioner. They finish their review by stating that the Europeans have relaxed their views post 9/11, although they do not mention London or Madrid.
The book looks at the roles played by companies and state bodies in the context of data privacy legislation. It uses primarily US nomenclature, defining roles as Collectors, Aggregators, Users and Monitors/Protectors. In the UK, we are more used to the terms Subjects, Controllers and Processors.
The book looks at intellectual property rights law, and at the history of the entertainments industry’s pursuit of Napster and Grokster and the passage of the Digital Millennium Copyright Act and its mirroring EU directive, establishing carrier immunity, notify and takedown, and the prohibition on reverse engineering or breaking of DRM encryption. The book is old and so does not recognise this as the beginning of the criminalisation of IT security research. It also ignores the legal backing given to physical security in the various computer misuse acts. It does however explore the IT industry’s collaborative efforts that led to the Trusted Computing Module and the Fritz Chip. It notes that this is banned in China; for some odd reason, the Chinese have no interest in giving U.S. Corporations or their government the ability to run off … every computer connected to the internet.
The book then examines the business models and capabilities of the private sector mega-sites and then looks at attacks on privacy by state and police, specifically in the USA, where a number of laws and rulings have weakened the privacy protections of its citizens. Critically, Miller vs Smith rules that the 4th Amendment doesn’t apply to 3rd party custodians of “private correspondence”. The book reinforces the need to prove harm in the US, except, it would seem, for copyright infringement.
“The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.”
The book is superbly referenced, and may be better off as a .pdf or anything with live hyperlinks. It was published in 2011, is very focused on the USA, weak on any specific Big Data dimensions and surely overtaken by the Snowden leaks. It is a fact that it’s the big data dimensions that make the retention of all the data so dangerous to individual privacy, and I am grateful to the authors for pointing out the dichotomy in ideology between the USA and Europe that leads to the different approaches. This’ll not be easy to bridge.
I read the book at the turn of the year, and wrote the review in October 2014. As ever, I have backdated it to about the time I finished the book. The picture is of the cover of the book, which is published by O’Reilly.