Sputnik has discussed the issue of Americans’ privacy rights with Pierluigi Paganini, a cybersecurity and intelligence expert, who shared his view on whether the government has the right to collect such information and where to draw the line between the government's transparent actions and national security.
Sputnik: In a landmark 2018 ruling known as the Carpenter Decision, the Supreme Court ruled that the US Constitution dictates that the government needs a warrant to get phone companies to turn over location data about their customers. People's personal data is tied to almost any app and could potentially be passed into the wrong hands. At the same time, the government can buy personal data from brokers – and does not believe it needs a warrant to do so. Is it possible to avoid such a loophole? Should there be stricter laws to protect Americans’ privacy?
Pierluigi Paganini:A clear privacy framework could prevent any abuse of personal data. In this specific case, it is not specifically mentioned - the purpose of the activity carried out by the government agencies, but it is easy to understand that such data could be used in investigations aimed at preventing any threat to homeland security, from crime to terrorism.
In this case, it is important to understand why private organisations, so-called brokers, are trading personal data. Did users give these brokers explicit consent for such information gathering and its sale? Probably you will find a grey area and privacy and government watchdogs must be vigilant about these massive data-gathering activities. Many of these campaigns are operated violating actual legislation.
Sputnik: Why do government organisations buy users' personal data in the first place?
Pierluigi Paganini:The only legal use of this data is the need to use them for investigations to prevent any threat against homeland security. This data is a mine for investigators, but in the wrong hands could be abused for multiple malicious activities, including dragnet surveillance. It is not acceptable that a government pay for this data, in my humble opinion, authorities have to request the data and provide transparency on the way data are collected and used.
Sputnik: What is the relationship like between app makers and third-party brokers?
Pierluigi Paganini: Too strong. In the past years, multiple investigations conducted by privacy advocates revealed questionable aspects about how information is collected and how it is used, including the sharing of it with third parties.
In some cases, app developers kept quiet and did not provide evidence to users about the use of the data they collected. If we think that these companies operate in an international context that involves different regulatory frameworks, it becomes complex to understand and judge the work of the operators behind the main organisations.
Fortunately in Europe, the privacy regulation, GDPR, is disciplining any data gathering activity conducted by app makers by providing greater protection to users and by imposing legal conduct on companies and brokers.
Sputnik: Is it legal for the government to use commercially-available location records from third-party brokers?
Pierluigi Paganini: It is legal if data are collected by third-party brokers through processes that are compliant with the current legal framework and if the citizens are informed about the way their data are managed.
Explicit consent is essential for any commercial activity based on the data. Regarding the government use of the data, the government watchdogs have to ensure that this data is not abused.
Sputnik: What is the likelihood of another scandal – similar to the NSA can of worms opened by Snowden in 2013 – happening again?
Pierluigi Paganini: The risk is high, almost every intelligence agency across the globe attempts to collect as much information as possible. Snowden revealed to the world what we imagined. Today, intelligence activities have an important foundation in monitoring our online activity. It is the sign of the changing times, today spies are hackers.
Pierluigi Paganini: Through a clear and unquestionable regulatory framework. However, regulatory frameworks are developed within institutions and for this reason, it will not be easy to find an acceptable compromise between privacy and security. The contribution of private associations of privacy advocates it is important, it can provide their support to the drafting of new laws useful for this purpose.