06 September 2015

Rule of Law: The Privacy vs. Security Paradox...

Chief Privacy Officers and Operational Risk Officers are watching with anticipation as Microsoft argues it's case with the U.S. Court of Appeals in New York, USA on September, 9, 2015.

The trustworthiness of data and the future of "Achieving Digital Trust" for companies and countries is a priority.  The wealth created from the management, storage and processing of data across global borders is at stake.  The "Rule of Law" that intersects with that data and the legal disclosure to government authorities, has been accelerating in countries such as Ireland, Belgium and Brazil.
The company hasn’t always been so eager to comply. A year earlier, it rebuffed a request from the Department of Justice for a suspected drug trafficker’s e-mails. Those were in a data center in Dublin -- and according to Microsoft, the arm of American law enforcement doesn’t extend to Ireland. That set in motion a legal challenge putting Microsoft and its general counsel, Brad Smith, in the lead of a charged battle between the U.S. technology industry and the U.S. government.
More than two dozen companies, including Apple Inc. and Cisco Systems Inc., have filed briefs on Microsoft’s behalf in the case, which is about due process and the right to privacy, and money. Internet service providers may be hard-pressed to sell Web-based products if they can’t promise that digital records stowed in foreign countries will be protected by those countries’ laws -- and from unilateral U.S. search-and-seizure missions.
The privacy vs. security business is apparent and a defensible standard of care remains vital.  Several companies in the data privacy industry have made the decision to establish their legal business entity in Switzerland.  Silent Circle, Proton Mail and Golden Frog are a few examples.  Why?

It is because the business of privacy is becoming a big business.  It is creating wealth.  Data privacy and the use of cloud-based products and services is now so pervasive across borders, that the collision of private companies and governments was inevitable.  Nation states are making it easier for global companies to locate, manage and operate in their data privacy friendly countries.

Digital Trust is at the center of the dialogue.  Operational Risk Management (ORM) surrounds the core conversations as you analyze the implications of building a data-centric business with the ability to comply with all of the regulatory and legal requirements.  The Electronic Communications Privacy Act (ECPA) of 1986 is being interpreted in Microsoft v. United States of America:

The Government’s brief confirms this much: Nowhere did Congress say that ECPA should reach private emails stored on providers’ computers in foreign countries. Small surprise for a statute written in 1986, before the creation of the global internet, when the notion of storing emails halfway across the globe was barely imaginable.

Congress can and should grapple with the question whether, and when, law enforcement should be able to compel providers like Microsoft to help it seize customer emails stored in foreign countries. Microsoft has outlined many reasons why Congress would be wary of granting that power: It would establish a norm that would allow foreign governments to reach into computers in the United States to seize U.S. citizens’ private correspondence, so long as those governments may assert personal jurisdiction over whatever company operates those computers. It would offend foreign sovereigns.

Business and Government across the globe are working diligently to create a balanced, legally sound and vital information sharing environment.  Consumers will continue to have a choice, on what vendor, device or data hosting company they utilize for their communications.  The features, functions and benefits will be carefully thought out, by the marketing and business executives.  Yet the question will be asked by each companies respective stakeholders:  What is the value of trustworthiness in the markets we operate in and how will we decide to create "Digital Trust"?

The consumer must also understand how these tools are being utilized by the dark and evil components of our human society.  Citizens must better understand the motivations for government to protect consumers and those organizations who choose to use certain tools on the Internet.  Those who have a fear of government also like the idea of law enforcement protecting their neighborhoods.  There are two sides to the private enterprise:
They aspire to be neutral conduits of data and to sit outside or above politics. But increasingly their services not only host the material of violent extremism or child exploitation, but are the routes for the facilitation of crime and terrorism. However much they may dislike it, they have become the command-and-control networks of choice for terrorists and criminals, who find their services as transformational as the rest of us. If they are to meet this challenge, it means coming up with better arrangements for facilitating lawful investigation by security and law enforcement agencies than we have now.
As private companies and nation states collaborate to attract new business commerce and tax revenues, your privacy and your company will be at the center of the negotiation.  The consumers preference of where you want your data stored and the legal environment where you want your data to be subjected to legal jurisdictions will continue.  For the good guys and the bad guys.  "Achieving Digital Trust" will be with all of us for some time to come.  As mankind evolves and the most valuable assets of our world become virtual, we can only hope "Trust Decisions" and the "Rule of Law" will stand the test of time.

No comments:

Post a Comment