III. The United States of Privacy

Harrison Hardin
Published in The Startup
Aug 8, 2019

Alas, poor Yorick! I knew him, Horatio: a fellow
of infinite jest…

When data is conglomerated on levels beyond the personally identifiable, it can take on a different significance. This new inflection of meaning can even be altruistic, or at least be less foreboding than the somewhat dystopian conversation of privacy violations exacted in exchange for a greater sense of security that characterizes this series. Even in his darkest tragedies, Shakespeare included some amount of comic relief, so let’s bathe for a moment in the glow of local charity. But we won’t dwell in the oasis so long as to lose track of the huge column of granite-grey smoke emanating from our privacy rights burning in the distance. It’s not a mirage.

In this section, the conversation will venture into the province of how data gathered on the local level compares, first across a few different cities then on to the state level. Through this comparison, the data will indicate which state objectively ranks as the best example or model going forward for the other 49.

I would like to comment directly on some data privacy trends I noticed while completing work on some recent coding projects. During my time in the Data Science intensive program at The Flatiron School, I used several datasets at the city and state level sourced from different areas of the country and noticed some interesting distinctions. Some of the research involved housing data around places like Boston and Seattle, and subsequently I was curious to discover that my home state of Texas is one of fewer than 10 states that keep real estate sale prices private (a range of prices is allowed to be made public, but not a specific sales price). Some of the code for my work examining real estate metrics through the lens of Time Series and Regression analysis from sources like Zillow can be found hosted on GitHub here and here. I noted trends in cities like New York are perhaps towards greater data openness, where all taxi ride and subway turnstile information is released in an effort to optimize the future of various facets of life, with the understanding that the individual data about rides in the cabs and subways in the past would be revealed (although not personally identifiable). The tradeoff between privacy and benefit to society creates a new angle to view what is being discussed.

The oasis I refer to in the first paragraph is another detour into personal anecdote relating to Texas. During the completion of the coding program in Houston, my cohort was visited by Dr. Neeraj Tandor of January Advisors for a presentation on how Data Science can be used for local charity. This paints a more complex picture of data usage in one of Texas’ major cities and reveals that each state is complicated in how it approaches its use of data. In spite of Texas’ statewide inclination to restrict real estate information, Houston was blazing a path forward in data openness and philanthropy in a bid to rival aforementioned cities in the northeast and northwest of the country. Dr. Tandor shared with us several ways that his group was working with the City to streamline philanthropic information and databases. A concrete example of Data Science benefitting society was how his group was working with Houston to document the myriad charitable organizations’ efforts to provide aid to the homeless population by keeping track of which charity had already worked with which affected individual, and what service had been provided. This increased efficiency and reduced unnecessary overlap of services.

This starts to fill in the complex picture of how data privacy is being used on the local level in a handful of states. What about in all of the states? Let’s return to a more abstract analysis of privacy trends on the state level. To give some sense of how this picture has changed across time, here are a few privacy metrics for all 50 states in the year 1997:

Credit: Me! I put this together.

And here are privacy metrics for each state 20 years later:

Credit: Comparitech

Understandably, the measures of privacy have changed somewhat over the course of two decades. There was no such thing as the Internet of Things (IoT) in 1997. Now IoT devices are creating new types of data in enormous quantities, both in the home and the workplace. The internet is no longer simply the domain of personal computers and smartphones. The Snowden revelations made everybody a little more cautious around cameras and microphones attached to these more obvious forms of technology, but what about your digital frame with motion sensors? Those are cameras. What about your Samsung SmartTV and its microphone? The reason I single this brand out is that it’s at the center of a privacy scandal called Weeping Angel, in which this IoT device could allegedly record you even when it remained in a “Fake-Off” mode. The grey nature of this topic could go one of two ways: it could all be smoke that any security vulnerabilities exist on any smart technology. Or it could be that this is just one instance of one possible security flaw that can be exploited within a single type of IoT object, and there are myriad others contributing to a bonfire of the privacies. In an age when the interconnectivity of everything means targeted ads can start popping up in your digital life as a result of what you search and what you say into your microphone, data privacy laws need to become more of a priority.

The overall takeaway of this state-level comparison across the passage of time is that privacy is ever-changing and complex. Laws need to be constantly updated with the evolving nature of technology. At least in the snapshot we have available here, how can we evaluate the state with the “best” privacy at the present moment? The state others should model and emulate?

First, some interesting observations from the two tables. Every state now requires companies to publicly disclose data breaches, something that hadn’t even materialized as an area of laws that states needed to address in 1997. Maine is the only state to pass a law prohibiting law enforcement from tracking a person’s location using GPS or other geo-location info built into smartphones and computers. Illinois and California have both put forth such bills in the past, but they were vetoed. Illinois and Maryland are the only states to specifically protect biometric data, including fingerprints, face recognition scans, and retina scans, but that law is currently in jeopardy in Illinois. Biometric data is easy to capture. Once captured, we generally cannot change our biometrics, unlike our credit card numbers, or even our names. Databases of biometric information are ripe targets for data thieves, something that will be revisited in part V of this series.

Credit: Comparitech

Of the 50 states, California passed the toughest privacy and data protection law in the nation, making it the darkest shade of blue on the map above (it complied with 15 (75 percent) of the 20 criteria, better than any other state after it passed the landmark Consumer Privacy Act of 2018 on June 26, 2018). It’s the only state that requires companies to delete personal data on demand, that has laws protecting IoT data, and that mentions an inalienable right to privacy in its state constitution. Other states have been somewhat tardy in keeping up with the changing digital landscape and would do well to follow California’s example (and that of the EU’s GDPR, as section V will reveal).

Part IV

Works Consulted:

New Attack on the Illinois Biometric Privacy Act

Privacy Laws by State

Which US States Best Protect Privacy Online?
