The election of Barack Obama to the presidency will usher in many changes in public policy on a broad range of technology and communications-related issues. Privacy will have an important role on the new president's to-do list.
The President-elect comes with a reputation as the most technologically savvy president in the nation's history. He is expected to take a keen interest in technology-related issues, although the Presidential Records Act may compel him to abandon his beloved Blackberry. Equally important, his campaign was remarkable for its unprecedented use of the Internet and other 21st-century technologies and for development of a large database of supporters for political purposes in a way that mirrors modern business operations. Furthermore, the president-elect's advisors include prominent figures in the worlds of technology and privacy, including Eric Schmidt (CEO of Google) and Peter Swire (White House privacy advisor in the Clinton Administration).
On the campaign trail, President-elect Obama said more about telecommunications and Internet infrastructure issues—such as network neutrality and broadband deployment—than about privacy. He advocated the creation of a federal government chief technology officer, although it remains to be seen whether that becomes a policy or a more operational position.
As for privacy specifically, his campaign agenda did contain a section entitled "Safeguard our Right to Privacy," which noted that the "open information platforms of the 21st century can also tempt institutions to violate the privacy of citizens."
The Obama campaign agenda advocated four specific privacy positions:
- Support for restrictions to prevent the misuse for other purposes of databases containing information about Americans created to fight terrorism;
- Updating of surveillance laws;
- Robust protection against misuses of sensitive information, such as e-health records and location data; and
- Increases to the Federal Trade Commission's (FTC) enforcement budget and strengthening of international cooperation to fight spam, spyware, telemarketing, phishing and other cybercrime.
These are not novel proposals. Each has floated in Washington and policy circles for some time. While they may represent a change in direction from the current administration's priorities, they are incremental in nature, which should make them easier to achieve, although they still may prove quite contentious.
Government Database and Surveillance Misuse
The first two proposals in the campaign agenda—restrictions on uses of terrorist databases and surveillance—pertain to governmental efforts to combat terrorism and related concerns that the databases assembled for this purpose could be tapped by other government agencies or their employees for their own, quite distinct from law enforcement or other legitimate activities. News during the height of the campaign season of unauthorized snooping into the passport files of President-elect Obama, Sen. John McCain and Sen. Hillary Rodham Clinton illustrates one of the problems in this area. Look for possible restrictions, some imposed by the Department of Homeland Security, on the collection, use and security of government owned and operated databases about Americans, whether maintained by the government or by private contractors.
Look also for a possible revisiting of the Foreign Intelligence Surveillance Act, which governs foreign surveillance activities. With 24/7 surveillance becoming increasingly commonplace in American cities, driven by national security and private desires to protect economic assets, and with the surveillance precision now possible through commercial satellites, there likely will be efforts to address privacy concerns in this area, as well.
Sensitive Information Misuse
The last two campaign proposals—-strengthening protections against misuses of sensitive information and increasing enforcement—will affect private businesses, both online and offline, more directly than governmental agencies. Again, however, these proposals do not represent a change of direction as much as they reflect a greater emphasis on these issues.
Advocates have sought greater protection of a wider range of sensative information against misuses. In particular, electronic health records (and personal health records)—already an awkward fit within the existing Health Insurance Portability and Accountability Act (HIPAA)-based legal framework—are the subject of growing attention, as large private firms such as Google and Microsoft step into the waters. Look for renewed attention to the privacy of personal and family medical records. Expect the Department of Health and Human Services to begin imposing sanctions for violations of the HIPAA Privacy and Security rules. E-health records may also become part of more comprehensive health care reform legislation on Capitol Hill, perhaps led by Sen. Edward Kennedy.
Also expect more attention to location-based wireless services. Now that cellular telephones and, increasingly, wireless-enabled laptop computers have GPS or other position-location capability, many providers are rushing to develop and offer services keyed to knowing (and informing others of) an individual's location at any time. The privacy implications are self-evident, and existing legal frameworks do not apply to some of these offerings, especially where traditional carriers are not involved. Look for the Federal Communications Commission and the FTC to explore this area.
More FTC Enforcement
As for the FTC, look for a larger enforcement budget and a more aggressive role in pursuing perpetrators of online crime, including spyware and spam. Expect an important role to remain for self-regulatory efforts, but these are likely to be supplemented—or reinforced—by stronger law enforcement. The recent collapse of the financial markets has dealt a major blow to faith in the efficacy of self-regulation alone to achieve socially desirable results.
On policy matters, expect the FTC to build on its initial exploration of online behavioral targeting. The agency is likely to issue a report on behavioral targeting in the near future and to indicate its next steps.
Finally, the new Congress may be more skeptical of pleas that federal legislation should preempt more privacy-protective state laws than in the past. Thus, while in past years the business community successfully lobbied the Hill to enact anti-spam legislation that preempted more restrictive state laws, similar efforts in other areas may be less successful.