We need laws and regulations on data use and privacy

If nothing else, the leaked Supreme Court draft opinion that would end the right to privacy allowing women to get abortions should serve as a scary wake-up call to companies that have vast stores of user data. Technology companies, including app makers and connected device companies, have a stunning array of information about people housed in their data centers. In many cases, that data is just a subpoena or warrant away from government hands.
In other cases, the data is actively harvested and sold to buyers, ranging from governments to advertisers to academic researchers. When you add connected devices into the mix — where remote access to a device and control of that device is possible — companies might be forced to turn over data and turn against customers.
Without decisive regulations on what data should be considered private, how and who can access data, and clear rules about ownership and rights that ensure a buyer has physical control of a purchased device, technology firms are creating new windows into their users’ lives and then being forced to let the government peer in. In the case of connected devices, they may even let the government open the window.
If you think I’m overstating the potential for damage that could occur as technology firms and the state collide, consider some recent examples:

• After Russian troops stole $5 million worth of agricultural equipment from a John Deere dealership in Ukraine, the company apparently bricked the combines and tractors remotely, turning them into bright green and yellow agricultural sculptures. In this case, John Deere was simply remotely controlling inventory stolen from its dealership, but I can see a future where a government pressures John Deere to remotely deactivate customer equipment if it was owned by a wanted criminal, or if doing so would change the direction of an armed conflict. In the meantime, we are currently debating, as part of the current infrastructure bill, whether or not new cars should have some kind of kill switch so that police could stop a car chase.

• The Centers for Disease Control and Prevention (CDC) spent $420,000 to buy location data on millions of Americans from a private company. The CDC wanted to see if people were following COVID curfews but also wanted to track neighbor-to-neighbor visits, visits to church and pharmacies, and other related activities during the pandemic. Much of that data collection could be related to the agency’s auditing of lockdowns to better determine their effectiveness, but the CDC is also using location data for other more nebulous programs. Additionally, because location data can be tied back to addresses where a person lives or works, it’s not anonymous, which means the CDC could theoretically identify the people breaking curfew or quarantine and get law enforcement involved.

• SafeGraph, the company the CDC contracted with to buy that location data, also gave up access — this time to Vice, and for a mere $160 — to location data on people visiting abortion providers. If abortion becomes illegal in certain states, those states could easily buy data to figure out exactly who may have accessed health care services and punish them. SafeGraph’s CEO said he was glad the media called him out; he also said his company has stopped selling that data. He added, however, that researchers trying to figure out the effect of recently enacted new laws on abortion providers were frustrated by the company’s reversal on providing that data.

Continue reading: https://staceyoniot.com/we-need-laws-and-regulations-on-data-use-and-privacy/