The future of facial recognition offers scant comfort. Continued advances in surveillance technology, including drones and super-high-resolution cameras, will make identifying individuals in public places easier than ever, especially if the entity doing the surveillance has a nice, fat, facial-recognition database to consult. As in connection with other cloud-based data, revisions to the ECPA could boost privacy protections for digital photos -- depending on what gets enacted. Says Lillie Coney of EPIC: "If they're not locked down, photos could be part of our information economy that can be generated into revenue, sold, traded, used. You don't know where they are."
In her Senate testimony, Lynch proposed that private-sector databases such as Facebook's should be required to obtain consent or an opt-in from consumers to any facial recognition system.
#5: Scanning in the name of cybersecurity
You may not be a malicious hacker, but that doesn't mean your online activity won't be scanned for telltale signs of cybercrime. The federal government has made cybersecurity a high priority, as concerns grow about over the vulnerability of the nation's infrastructure to a computer-based attack.
The Presidential Policy Directive concerning cybersecurity lists business sectors that the Administration considers critical -- and therefore, in need of online watchdogging. Some sectors, such as "Commercial Facilities" and "Critical Manufacturing," lend themselves to broad interpretation.
"The definition is still in flux, so there's a question about what 'critical infrastructure' will ultimately encompass," says EPIC's national security fellow, Jeramie Scott. A recent article by Reuters indicates that the government plans to expand its scanning of Internet traffic from three defined sectors: financial institutions, utilities, and transportation companies. Collectively, that covers a lot of consumer activity.
Even though the data is supposed to be scanned only in aggregate (so as not to pinpoint individuals), the methodology used in choosing and storing the data raises additional privacy issues. "The executive order on cybersecurity called for protections based on the FTC's Fair Information Practice Principles, but it doesn't mean the companies doing the scanning are abiding by these principles," says Scott.
The proposed CISPA, reintroduced in February, reopens many issues around cybersecurity and privacy. "CISPA would allow companies to share much more detailed information than the aggregate data that is planned to be shared now," says EPIC's Scott.
Privacy threats could be solved
This year's online threats to privacy will continue to grow unless Congress and other decision-making bodies offer some meaningful support for privacy. Witnessing the conflict between privacy and civil liberties advocates (on one side) and business and law-enforcement interests (on the other) may seem a bit like watching a particularly nasty tennis game, but it all boils down to a matter of openness versus secrecy.
Privacy advocates see Do Not Track as a no-brainer fix for the many privacy issues related to cookies. Marketers point to the ongoing success of data-driven, targeted Web advertising, which cookies make possible, as an indirect endorsement of their methods.