“My personal decision is to get off of the Internet to the degree it’s possible. I’m just an ordinary person. But I really know, after all my research and some serious thinking things through, that I can’t stay online personally without losing my humanness, now that I know that ensuring privacy online is impossible. I find myself unable to write. I’ve always been a private person. That’s why I never wanted to be a celebrity and why I fought hard to maintain both my privacy and yours.” – Pamela Jones, Groklaw in her last post.
An obituary of sorts, Pamela Jones lays down why she cannot continue with her popular blog Groklaw. The blog was known for its posts and legal dissection of famous legal tech issues and court cases. What Jones expresses in the post is deeply personal. She describes her struggle with the NSA surveillance of all things Internet and her desire to be a private person and not have her communications monitored by the U.S. government.
I find myself personally conflicted by the revelation of NSA surveillance. Part of me is not surprised; the U.S. government has been involved in covert espionage and spying for years. This seems to be the natural evolution of those activities. They are simply continuing to leverage technology to improve the reach and scope of that program.
Reacting as a individual, I find it deeply disturbing to know that the U.S. government could be monitoring all correspondence. I also find the general nonchalance frightening, and I’m somewhat confused why there aren’t more Pamela Joneses out there. Do we just take it for granted that the government knows all of our secrets?
Reflecting as a lawyer and professional, I am now faced with the problem that I once advocated for cloud-based solutions and technology for lawyers, and implemented them throughout my whole business. But based on the current revelations, this no longer appears to be a tenable position.
The risk is probably low that my particular information is interesting to the U.S. government, but you never know. How do I continue to maintain confidentiality in light of this? Should I do away with my Gmail account?
You may be thinking that such concerns don’t impact you because you are not a lawyer or someone who has taken a vow of confidentiality, but most Canadian companies are bound by some sort of privacy laws. Before the PRISM scandal you could have claimed ignorance, but now it’s become clear American intelligence agencies can read the emails and online documents of any non-American who fits whatever search term they are interested in.
So is it possible that by using American web services like Gmail, AWS or Dropbox, you are knowingly violating professional privacy regulations?
In Canada, we are governed by the Personal Information Protection and Electronic Documents Act. PIPEDA applies to every organization that collects, uses or discloses personal information in the course of commercial activity. So if your business collects any information about clients including their names, addresses and phone numbers – or say, their purchase records, ages, buying preferences, and possibly even their IP addresses – then you are governed by this act. Under PIPEDA you can only disclose personal information without consent in very limited circumstances such as: in the case of a subpoena, if the individual has been dead for 20 years, or if the information is regarding certain acts related to the Canadian government collecting information about money laundering or terrorism.
So where do we go from here?
While concerns about Google or Amazon disclosing information to the NSA is at the top of everyone’s minds, it’s likely that the real violation of law would be disclosing information to Google or Amazon in the first place. This is most likely remedied by client side encryption (where you encrypt the data before it leaves your computer) which was a best practice before, and is now becoming more of a necessity both practically and ethically.
More will come from this news, not least of which will be a general review and tightening of personal and client data collected and stored by companies. Your personal information or private documents? Perhaps there’s still a use for that old filing cabinet in the basement after all.