14 June 2016

Privacy Infrastructure

'Building Privacy into the Infrastructure: Towards a New Identity Management Architecture' (University of Miami Legal Studies Research Paper No. 16-26) by Michael Froomkin argues
We are at risk of becoming digitally transparent to both government and the private sector. As it is increasingly obvious that US law is not going to prevent the destruction of personal privacy, we urgently need better privacy tools, baked into the way we do transactions. A partial, but significant, privacy enhancement would be a new Identity Management Architecture (IMA) enabling multiple privacy-protective transaction-empowered digital personae per user. Each persona (or ’nym if you prefer) would have the ability to communicate, and at least a limited ability to transact, in a manner that would not be linkable, or at least very difficult to link, to the real identity of the user. By using a variety of personae for online transactions, reading, and communication, users would defeat — or at least vastly reduce the effectiveness of — commercial and perhaps also governmental profiling.
The problem is that an IMA that enables privacy enhanced personae is most unlikely to reach wide acceptance unless it is designed in a manner that makes it easy to use. It will not receive US governmental acceptance unless it also reduces the extent to which the personae can be used to break laws and evade contractual obligations. This paper thus discusses the legal and political considerations that might inform a requirements document for such an IMA with special reference to US law and likely US government reaction. It includes a survey of laws that parties engaging in or enabling anonymous or pseudonymous transactions should consider, and concludes with discussion of several critical design decisions including transnational credentials, the possibility of identity escrow for transactional personae, and speculation as to how personae might fare in the marketplace.
The timeliness of this proposal is demonstrated by David Chaum’s recent announcement of a new privacy protocol, PrivaTegrity, that contains most of the features needed to engineer a privacy-enhanced IMA that might be acceptable to law enforcement. The need for some action, whether based on PrivaTegrity or otherwise, is very great — so critical that it may be time to accept the previously unthinkable, and accept some form of identity escrow as part of the IMA.
'Privacy, Public Disclosure, Police Body Cameras: Policy Splits' by Mary Fan in (2016) 68 Alabama Law Review comments
When you call the police for help — or someone calls the police on you — do you bear the risk that your worst moments will be posted on YouTube for public viewing? Police officers enter some of the most intimate incidences of our lives — after an assault, when we are drunk and disorderly, when someone we love dies in an accident, when we are distraught, enraged, fighting, and more. As police officers around the nation begin wearing body cameras in response to calls for greater transparency, communities are wrestling with how to balance privacy with public disclosure.
This article sheds light on the balances being struck in state laws and in the body camera policies of police departments serving the 100 largest cities in the nation. The evaluation illuminates two emerging areas of concern — the enactment of blanket or overbroad exemptions of body camera footage from public disclosure, and silence on victim and witness protection in many policies. The article offers two proposals to address the challenges. First, the article argues for legal safe harbors to foster the development of new redaction technologies to automate the removal of private details rather than exempting body camera video from disclosure. Blanket or broad exemptions from public disclosure destroy the incentive to use technological innovations to reconcile the important values of transparency and privacy and disable much of the promised benefits of the body camera revolution. Second, the article argues for giving victims and witnesses control over whether officers may record them, rather than putting the burden on victims and witnesses to request that recording cease. This approach better protects against the perverse unintended consequence of deterring victims from help-seeking and witnesses from coming forward, and reduces the risk of inflicting further privacy harms from justice-seeking.