With every change in power, especially in the social media era, questions are raised about the new U.S. president’s commitment to privacy rights. Since Donald Trump took the oath of office on January 20, he’s raised plenty of concerns, with travelers having their phones searched at the border, government agencies monitoring internet communication, and the strong likelihood of potential clashes between U.S. tech companies and the European Union over privacy shield laws.
“Privacy is central to almost every major issue of our time, from immigration and reproductive rights to criminal justice, national security, and the environment,” noted Michael Price, a counsel at the Brennan Center for Justice at NYU School of Law in Time magazine. Given the passions around those issues and the heating up of those debates, expect some sharp changes to the federal government’s privacy approach over the next few years.
Here are some of the biggest things to look out for:
Earlier in March, the Federal Communications Commission (FCC) halted a new set of data security rules that would have made it harder for internet service providers to sell information on their users’ intimate browsing habits to third parties.
Currently, internet providers are able to sell data on customers’ web browsing habits to third-party buyers like advertising companies. This past October, the FCC approved new privacy rules that would require explicit consent from customers to do this.
But Ajit Pai, the new FCC chairman, put these plans on hold. In a statement, Pai and acting FTC chairman Maureen K. Ohlhausen said they want new rules to meet the Federal Trade Commission’s less stringent privacy requirements:
We disagreed with the FCC’s unilateral decision in 2015 to strip the FTC of its authority over broadband providers’ privacy and data security practices, removing an effective cop from the beat. The FTC has a long track record of protecting consumers’ privacy and security throughout the internet ecosystem. It did not serve consumers’ interests to abandon this longstanding, bipartisan, successful approach.
The decision by the FCC to step back from regulating ISPs on privacy is a sharp shift from Obama-era policy and is sure to be heavily debated at a hearing held by the Senate’s Commerce Committee this morning.
Since Trump entered office, the news media has regularly reported on phones and social media being searched at the airport. Although this also took place during the Obama era, anecdotal reports suggest that immigration officers are now requesting these searches of more travelers, and of both citizens and non-citizens.
It’s a troubling and abrupt change from the previous administration’s policy, notes Mozilla’s chief business and legal officer, Denelle Dixon. “[The] real focus is not having rights at the border with respect to passwords and digital data. From our standpoint, that’s a pretty big shift. Obviously, social media is something that is public, and border patrol agents would have access to. However, the notion of taking devices and getting passwords at the border–we find that really hostile to privacy and security, generally. There’s no formal policy we see on that, we’ve seen that shift a bit, and that’s a concern for us.”
Also, Dixon notes, it appears that the unwritten rules in regard to how homeland security agencies view citizens and non-citizens has changed. “Homeland agencies have historically not differentiated between the two and have treated both on a similar level, even if it was not formal policy of the United States. But we’re definitely seeing more differentiation of privacy rights of Americans and non-Americans at the border and elsewhere; that’s something for us to watch in terms of trends.”
In a congressional hearing in early February, Homeland Security secretary John F. Kelly suggested the mandatory handover of social media passwords from all visa applicants. Homeland Security first suggested mandatory password collection during the Obama presidency.
Because the Trump administration has been in power for a month and a half and many key bureaucratic positions remain unfilled, there has been a lot of speculation over what the next four years hold for both online and offline privacy.
This speculation focuses on two areas.
The first is Trump’s long-awaited cybersecurity executive order, which was scrapped at the last minute in January. The executive order would have overhauled the U.S. government’s approach to cybersecurity, requiring government agencies to overhaul their cybersecurity efforts and an administration-wide risk review, but was canceled for unclear reasons.
Several drafts of the text were leaked to the press. Although most of the text deals with government cybersecurity enhancements, it encourages the private sector to implement strong security measures–a move that could well have privacy ramifications, depending on the bill’s future wording.
A revised version of the cybersecurity executive order is expected in the future; according to Foley Hoag’s Aaron Lang, “The drafts are relatively tame compared to some of the president’s other executive orders.
“The first draft would have created four review panels to report to the president on issues ranging from U.S. cyber capabilities and vulnerabilities to the identification of cyber adversaries. The second draft sounds similar themes, and maintains elements of those reviews, but places more emphasis on ensuring that federal agencies are prepared to confront cyber threats,” Lang adds.
The second area is the U.S.’s and EU’s privacy shield agreement. These laws, which basically allow U.S. tech companies to operate in the European Union–which has a much different (and stricter) interpretation of customer privacy–have been the subject of tense discussion between the United States and Europe; there was speculation in January that an executive order could upend much of the privacy shield. While the privacy shield framework remains in place, the smart money is on more tension between the U.S. and EU over the next few years.