In an op-ed at the Washington Post, Alan Charles Raul discusses the NSA domestic spying scandal and what it means for privacy. Raul previously served as vice chairman of the Privacy and Civil Liberties Oversight Board.
Heightened concerns over government surveillance have complicated efforts to harmonize international privacy rules. The post-Edward Snowden jumbling together of “national security” privacy and “consumer” privacy, along with the siloed nature of U.S. regulation, has made it more difficult for Europeans, and Americans, to understand how the U.S. system works. The absence of a high-level point person also undermines our country’s ability to engage European trading partners who invoke “privacy shortfalls” to deny business opportunities to U.S. Internet companies.
The Information Technology & Innovation Foundation reports that European and other international privacy-based protectionists are threatening to freeze U.S. “cloud” service companies out of at least $22 billion in contracts over the next three years because of the NSA PRISM program disclosures. […]
Only a White House appointee could prevent the looming digital trade war and data protection train wreck given the disparate interests and agencies involved on the U.S. side. Currently, responsibility for privacy is scattered throughout the administration. Financial information privacy is governed by the 1999 Gramm-Leach-Bliley Act, which is enforced by independent agencies that do not report to the president. The new Consumer Financial Protection Bureau, other banking agencies, the Securities and Exchange Commission, the Commodity Futures Trading Commission and the Federal Trade Commission (FTC) have no obligation to coordinate regulations with the Office of Management and Budget (OMB) or even with each other.
While there is no specific federal cybersecurity law, e-mails and Internet data are protected from snooping and hacking under the 1986 Electronic Communications Privacy Act and theComputer Fraud and Abuse Act. Telephone toll records are subject to certain privacy limits under the 1996 Telecommunications Act, but the Federal Communications Commission is also insulated from presidential review, control or accountability. […]
A good start to untangling all this would be establishing a senior White House privacy position that answers to the president but is also responsive to Congress. This office would coordinate the numerous U.S. data protection agencies and agendas, and represent the United States internationally. It would have to cover both commercial and national security privacy because these issues have become interrelated in the public mind.