The Future of the Law
The future is unlikely to witness an escalation of our privacy. Can the law curb the apparently relentless slide towards an Orwellian nightmare? ‘Low-tech’ collection of transactional data in both the public and private sector has become commonplace. In addition to the routine surveillance by CCTV in public places, the monitoring of mobile telephones, the workplace, vehicles, electronic communications, and online activity are increasingly taken for granted in most advanced societies. The escalating use of surveillance in the workplace, for example, is changing not only the character of that environment, but also the very nature of what we do and how we do it. The knowledge that our activities are, or even may be, monitored, and undermines our psychological and emotional autonomy. Indeed, the slide towards electronic supervision may fundamentally alter our relationships and our identity. In such a world, employees are arguably less likely to execute their duties effectively. If that occurs, the snooping employer will, in the end, secure the precise opposite of what he hopes to achieve.
The privacy prognosis is not encouraging; the future promises more sophisticated and alarming intrusions into our private lives, including the greater use of biometrics, and sense-enhanced searches such as satellite monitoring, penetrating walls and clothing, and ‘smart dust’ devices (minuscule wireless micro-electromechanical sensors (MEMS) that can detect everything from light to vibrations). These so-called ‘motes’ – as tiny as a grain of sand – would collect data that could be sent via two-way band radio between motes up to 1,000 feet away.
As cyberspace becomes an increasingly perilous domain, we learn daily of new, alarming assaults on its citizens. This slide towards pervasive surveillance coincides with the mounting fears, expressed well before 11 September, about the disturbing capacity of the new technology to undermine our liberty. Reports of the fragility of privacy have, of course, been sounded for at least a century. But in the last decade they have assumed a more urgent form. And here lies a paradox. On the one hand, recent advances in the power of computers have been decried as the nemesis of whatever vestiges of our privacy still survive. On the other, the Internet is acclaimed as a Utopia. When clichés contend, it is imprudent to expect sensible resolutions of the problems they embody, but between these two exaggerated claims, something resembling the truth probably resides. In respect of the future of privacy, at least, there can be little doubt that the legal questions are changing before our eyes. And if, in the fl at-footed domain of atoms, we have achieved only limited success in protecting individuals against the depredations of surveillance, how much better the prospects in our brave new binary world?
When our security is under siege, so – inevitably – is our liberty? A world in which our every movement is observed erodes the very freedom this snooping is often calculated to protect. Naturally, we need to ensure that the social costs of the means employed to enhance security do not outweigh the benefits. Thus, one unsurprising consequence of the installation of CCTV in car parks, shopping malls, airports, and other public places is the displacement of crime; offenders simply go somewhere else. And, apart from the doors this intrusion opens to totalitarianism, a surveillance society can easily generate a climate of mistrust and suspicion, a reduction in the respect for law and those who enforce it, and an intensification of prosecution of offences that are susceptible to easy detection and proof.
Though data protection legislation has been enacted in more than 30 jurisdictions, its scope is limited. At its core is the simple proposition that data relating to an identifiable individual should not be collected in the absence of a genuine purpose and the consent of the individual concerned. At a slightly higher level of abstraction, it encapsulates the principle of what the German Constitutional Court has called ‘informational self-determination’ – a postulate that expresses a fundamental democratic ideal. But the enactment of data protection legislation is driven only partly by altruism. The new information technology disintegrates national borders; international traffic in personal data is a routine feature of commercial life. The protection afforded to personal data in Country A is, in a digital world, rendered nugatory when it is retrieved on a computer in Country B in which there are no controls over its use. Hence, states with data protection laws frequently proscribe the transfer of data to countries that lack them. Indeed, the European Union has in one of its several directives explicitly sought to annihilate these ‘data havens’. Without data protection legislation, countries risk being shut out of the rapidly expanding information business.
At the heart of these laws are two central canons of fair information practice that speak for themselves: the ‘use limitation’ and ‘purpose specification’ principles. They require rejuvenation where they already exist, and urgent adoption where they do not (most conspicuously, and indefensibly, in the United States). They may, moreover, be able to provide complementary safeguards for individual privacy in cyberspace.
The future of the right to privacy depends in large part on the ability of the law to formulate an adequately clear definition of the concept itself. This is not only a consequence of the inherent vagueness of the notion of privacy, but also because the ‘right of privacy’ has conspicuously failed to provide adequate support to the private realm when it is intruded upon by competing rights and interests, especially freedom of expression. In our burgeoning information age, the vulnerability of privacy is likely to intensify unless this central democratic value is translated into simple language that is capable of effective regulation.
Other developments have comprehensively altered fundamental features of the legal landscape. The law has been profoundly affected and challenged by numerous other advances in technology. Computer fraud, identity theft, and other ‘cybercrimes’, and the pirating of digital music, are touched on below. Developments in biotechnology such as cloning, stem cell research, and genetic engineering provoke thorny ethical questions and confront traditional legal concepts. Proposals to introduce identity cards and biometrics have attracted strong objections in several jurisdictions. The nature of criminal trials has been transformed by the use of both DNA and CCTV evidence. Big Brother already appears to be alive and well in several countries. Britain, for example, boasts more than 4 million CCTV cameras in public places: roughly one for every 14 inhabitants. It also possesses the world’s largest DNA database, comprising some 3.6 million DNA samples. The temptation to install CCTV cameras by both the public and private sector is not easy to resist. Data protection law ostensibly controls its use, but such regulation has not proved especially effective. A radical solution, adopted in Denmark, is to prohibit their use, subject to certain exceptions such as petrol stations. The law in Sweden, France, and Holland is more stringent than in the United Kingdom. They adopt a licensing system, and the law requires that warning signs be placed on the periphery of the zone monitored. German law has a similar requirement.
In order to counter the threat of terrorism, the future will unquestionably witness an increased use of biometrics. Biometrics includes, in particular, a number of measures of human physiography such as fingerprints, aspects of the iris and ear lobes, and DNA. The Australian privacy advocate Roger Clarke provides the following examples of characteristics on which biometric technologies can be based: one’s appearance (supported by still images), e.g., descriptions used in passports, such as height, weight, colour of skin, hair, and eyes, visible physical markings, gender, race, facial hair, wearing of glasses; natural physiography, e.g., skull measurements, teeth and skeletal injuries, thumbprint, fingerprint sets, handprints, retinal scans, ear lobe capillary patterns, hand geometry, DNA patterns; bio-dynamics, e.g., the manner in which one’s signature is written, statistically analysed voice characteristics, keystroke dynamics, particularly login-ID and password; social behaviour (supported by video-fi lm), e.g., habituated body signals, general voice characteristics, style of speech, visible handicaps; imposed physical characteristics, e.g., dog tags, collars, bracelets and anklets, bar codes and other kinds of brands, embedded micro-chips and transponders. The law will need to respond to this dangerous trend.
The dark side of biometrics
Biometrics is one of the most serious among the many technologies of surveillance that are threatening the freedom of individuals and of societies. In one possible future, biometrics will fall into ill-repute in relatively free countries. But in authoritarian countries, biometrics will be successfully imposed on the population, resulting in freedoms being reduced even further. Biometrics providers will flourish by selling their technology to repressive governments, and achieve footholds in relatively free countries by looking for soft targets, starting in some cases with animals and in others with captive populations like the frail aged, prisoners, employees, insurance consumers, and welfare recipients. All relatively free countries will become more repressive. Public confidence in corporations and government agencies will spiral much lower. This scenario leads away from freedoms and towards subjugation of the individual to powerful organizations. The other alternative is that societies appreciate the seriousness of the threats, and impose substantial constraints on technologies and their use. This demands commitment by the public, and courage by elected representatives, who must withstand pressure from large corporations, and from the national security and law enforcement apparatus that invokes such bogeymen as terrorism, illegal immigration, and domestic law and order as justifications for the implementation of repressive technologies. This scenario embodies scope for achieving balance among the needs of individuals and society as a whole.
Roger Clarke, ‘Biometrics and Privacy’
New wrongs and rights
Advances in technology are predictably accompanied by new forms of mischief. Today it is ‘podslurping’ (see below); tomorrow it is another evil facilitated by the digital world we now inhabit. The law is not always the most effective or appropriate instrument to deploy against these novel depredations. Technology itself frequently offers superior solutions. In the case of the Internet, for example, a variety of measures exist to protect personal data online. These include the encryption, economization, and erasure of personal data.
While new-fangled wrongs will continue to emerge, some transgressions are simply digital versions of old ones. Among the more obvious novel threats, there are a number which tease the law’s capacity to respond to new offences. These include complex problems arising largely from the ease with which data, software, or music may be copied. The pillars upon which intellectual property law was constructed have been shaken. This incorporates the law of patents and trademarks, especially in respect of domain names. Defective software gives rise to potential contractual and tortious claims for compensation. The storage of data on mobile telephones and other devices relentlessly tests the law’s ability to protect the innocent against the ‘theft’ of information. New threats emerge almost daily. Employers have been warned of the relative ease with which their workers may appropriate data by ‘pod slurping’, a simple operation that consists in the unauthorized downloading of data from a computer to a small device such as an iPod, MP3 player, or flash drive.
Malevolent websites are multiplying by the day. A study by Google in May found 450,000 booby-trapped pages out of a sample of 4.5 million pages. A further 700,000 looked likely to be dangerous. Most of the websites exploit weaknesses in Microsoft’s Internet Explorer browser … increasingly common are sites that steal private details or turn your computer into a ‘bot’ – one which is remotely controlled by someone else. Bots can be used to harvest email addresses, send spam and conduct attacks on corporate websites. Then there are the ‘Denial of Service’ (DoS) attacks, which use armies of ‘bots’ – or ‘zombies’ – to flood company websites with fake data requests. The words conjure up images from Night of the Living Dead and the reality is the online equivalent of consuming a living person’s flesh, as hundreds of thousands of ‘zombies’ attack a website until they’ve taken it offline – which can disable it for days and lose the company a fortune. Usually the attacks are accompanied by demands for money. Gambling and porn sites were among the first to get hit: reluctant to seek police help, they paid the ransom – often to accounts in Russia or Eastern Europe … Of course there are defenses against hackers, and you’d be mad not to install anti-virus, anti-spyware and anti-spam software on your personal computer … [T]he future looks even more terrifying. Simon Church of VeriSign says the online auction sites that criminals use to sell user details are just the beginning. He foresees one of the web’s current favourites – ‘mash up’ sites that put together different databases – being turned to illicit use. ‘Imagine if a hacker put together information he’d harvested from a travel company’s database with Google Maps. He could provide a tech-savvy burglar with the driving directions of how to get to your empty house the minute you go on holiday.’ I don’t know about you, but that’s enough to make me resort to carrier pigeons and cash.
Edie G. Lush, ‘How Cyber-Crime Became a Multi-Billion-Pound Industry’, The Spectator, 16 June 2007
Criminals have not been slow to exploit the law’s frailties. Cybercrime poses new challenges for criminal justice, criminal law, and law enforcement both nationally and internationally. Innovative online criminals generate major headaches for police, prosecutors, and courts. This new terrain incorporates cybercrimes against the person (such as cyber-stalking and cyber-pornography), and cybercrimes against property (such as hacking, viruses, causing damage to data), cyber-fraud, identity theft, and cyber-terrorism. Cyberspace provides organized crime with more sophisticated and potentially more secure methods for supporting and developing networks for a range of criminal activities, including drug and arms trafficking, money laundering, and smuggling.