Tag Archives: nsa

Data Privacy – A Clash of Cultures?

How much data privacy is appropriate with respect to the prevention of terror threats? The U.S. and Europe seem to have very different views. In a very interesting essay in the German journal FAZ (Kampf der Kulturen (Clash of Cultures), Frankfurter Allgemeine Zeitung, Nov. 28th) Russell Miller, Professor of Law at the Washington and Lee University School of Law and Ralf Poscher, University Freiburg, stated that there’s a fundamental difference between the traditions of law in the U.S. and Europe. The view in Europe is largely shaped by the experience of totalitarian regimes in the 20th century. In a nutshell, Europe is outspoken against pre-emptive data collection as this data could be mis-used later and often has been mis-used in the past. From a U.S. perspective, however, Miller and Poscher argue, law develops by case and as long as no harm has been done there’s no need to change. In the past, the free press in the U.S. has been the fourth power that uncovered misuse in case it happened and the legislation took action accordingly – as e.g. in 1974 when Seymour Hersh uncovered the misuse of data illegally obtained by the CIA and the Church Committee thoroughly investigated. In that sense, Miller and Poscher observe, some U.S. politicians are now taking a different view as they question whether the political damage that occurred as it became known that Angela Merkel and other European leaders have been wiretapped isn’t outweighing the benefits for the U.S.

In the meantime, U.S. courts have dealt twice with the question whether bulk metadata collection is illegal, see e.g. Forbes: “Now It Gets Interesting, We’ve One Court Stating That The NSA Data Collection Is Legal, Another Illegal”. The judge in Washington D.C., Richard J. Leon, stated “I cannot imagine a more ‘indiscriminate’ and ‘arbitrary invasion’ than this systematic and high tech collection and retention of personal data on virtually every single citizen for purposes of querying and analyzing it without prior judicial approval,” which would most likely infringe on the “that degree of privacy’ that the founders enshrined in the Fourth Amendment.” The New York judge however said “The right to be free from searches is fundamental but not absolute. Whether the fourth amendment protects bulk telephony metadata is ultimately a question of reasonableness.”

If Miller and Poscher are right then the outcome of the inquiry whether this data collection is illegal or not is not at all clear, unless some real damage will be uncovered.


Where Does Privacy in the Internet end? – On Global Differences And What to Learn from Prism and the Sauna

Rolf Schwartmann, Professor at the Cologne Research Institute for Media Laws, wrote on Friday 12th July 2013 in the FAZ (Frankfurter Allgemeneine Zeitung, “Freies Surfen”) about the considerable legal differences between different countries.

In Germany, every citizen has to approve to any processing or storage of personal information. This processing or storage has to be tied to a specific usage. This is secured by consitutional laws. Exceptions to this need to be authorized by a court on an individual basis and require important reasons by the law enforcement agencies.

In the U.S. on the other hand, privacy is by the consitution only secured as an appropriate expectation (“angemessene Erwartung”, Schwartmann). As soon as information is handed over deliberately to a third person it is no  longer considered as private. Moreover, data privacy of U.S. citizens is overruled by national security concerns. All non-U.S. citizens do not have any data privacy rights from a U.S. perspective.

Three things are obvious here:

  1. There are cultural differences regarding data privacy
  2. There are legal differences regarding data privacy
  3. There’s differences in how internet users from different countries are treated

The cultural and legal differences may have to do with historic experience of Germans – e.g. with the Gestapo or Stasi. Americans on the other hand put more weight on national security.

With respect to the european view on data privacy, a comment from Jeff Jarvis is quite interesting. In 2010, when data privacy and Google Streetview were discussed, Jarvis ridiculed the Germans as beeing paradox, as they have no problem to go to the Sauna naked but do have a problem to have a picture of their house on the internet. Here, the interesting point is asymmetry: In the Sauna you see what I see and no one of us will take something seen outside in form of a picture. But you don’t know who will be looking at your house on Streetview.

Social networks for professionals, like linkedIn and XING, deal with that idea of symmetry: If you want to see who looked at you, you have to pay.

Conclusion: Data Privacy is always about a perceived symmetry between give and take (e.g. take privacy for security) which has to be accepted by the individual. For a global business it means, that data privacy has to be dealt with “glocally”. Data privacy has to be considered not only from a legal but above all from a cultural perspective and cultural differences have to be understood and dealt with.

Troublesome Big Data Experiences Related to Privacy

Big data has already permeated our every-day life. The most recent news however deal with growing concerns about privacy. Most prominently the NSA prism story uncovered by the Guardian.

Other news didn’t catch the same amount of public attention although they go in the same direction. To name a few examples that I came across recently: Cisco annoyed users last summer with a new anti-porn service which created privacy concerns, see e.g. here. Cisco listened to its customers and changed the policies accordingly. More recently, Microsoft was alleged to read Skype chat messages (see e.g.: Is Skype snooping on your conversations? as well as Microsoft liest heimlich Skype-Chats mit). And then we read the Xbox is suspected to spy in our livingroom: What we think we know about what Microsoft isn’t saying about the Xbox One. 

Interestingly, we could learn in May that Whatsapp had reached 250 million subscribers, despite the fact that it is not in line with international privacy rules and laws. It transfers and stores the complete list of contacts of its users to its servers. See e.g.: WhatsApp in violation of privacy law

The difference in the amount of public concern in these cases seems to correlate with the different amount of perceived benefits. Consumers seem less scared or pay less attentionif they see the benefits. (The Cisco case wouldn’t probably have made such a relatively big story if it wasn’t for the added inconvenience of configuring the device)

But this is by no means a simple recipe for corporate success – if searching for deeper customer insight with the help of big data. The damage to reputation might be considerable. Each company is well advised to follow a well-planned, responsible and sustainable strategy regarding the use of personal information. Consumers and legislation will pay attention and even if your company took corrective action, the negative consumer reviews would still be out there on the web for a long time to come and influence other’s buying decisions.