Continuing look at data and ownership and security.
Communications of the ACM, October 2020, Vol. 63 No. 10, Pages 15-17 10.1145/3416078
In a world that is defined by the generation and collection of data by technology and communications companies, personal information—including where people go, with whom they associate, what they purchase, and what they read, listen to, and even eat—it is quite a simple task to create a detailed profile of an individual based solely on the data captured in his or her phone.
The right to access and use the cache of personal information stored in each person's smartphone has become a major question about balancing personal privacy rights against governments' desire to monitor and retrieve data about its citizens' activities for law enforcement, public safety, and health issues. While much of the attention over the past several years has focused on demands from law enforcement to access this data to aid in criminal investigations, the COVID-19 pandemic of 2020 has refocused the debate on the government's right to access location data during health or other public safety emergencies.
Within the U.S., the primary communications privacy law that regulates the disclosure of and access to electronic data held by communication services providers, including wireless carriers, Internet Service Providers (ISPs), social media platforms, and search companies, among others, is the Electronic Communications Privacy Act of 1986 (ECPA) which, along with the Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism (USA PATRIOT) Act OF 2001, protects wire, oral, and electronic communications while those communications are being made, are in transit, and when they are stored on computers. As the Act explicitly states, "Some information can be obtained from providers with a subpoena; other information requires a special court order; and still other information requires a search warrant."
Andrew Crocker, senior staff attorney on the Electronic Frontier Foundation's civil liberties team, says the ECPA generally "requires the government to use legal process to get data about users," rather than simply allowing them to request and receive information from service providers. .... "