Technology is global.
The world is Balkanized among 200 nation states.
Thereby hangs a tale about protecting personal privacy from Orwellian snooping in the Age of the Internet without creating sanctuaries for knavery, rascality, or worse.
Recent remarks by Brad Smith, president and chief legal officer of Microsoft, underscore the difficulty. The collapse of the US-EU Safe Harbor: Solving the new privacy Rubik's Cube.
The precipitating event was a decision this month by the Court of Justice of the European Union that invalidated the 15-year-old EU-U.S. Safe Harbor protocol that had governed the transmission of data and the transaction of business across the Atlantic for more than 4,000 businesses and 800 million people. According to the EU Court, the transfer of personal information about Europeans to the United States was insufficiently protected from seizure by the United States government, e.g., the National Security Agency's interception of the contents of cross-Atlantic emails or phone calls, and its dragnet telephony metadata surveillance program revealed by Edward Snowden.
President Smith notes that privacy is a fundamental human right. True enough. Article 12 of the Universal Declaration of Human Rights stipulates: "No one shall be subjected to arbitrary interference with his privacy...Everyone has the right to the protection of the law against such interference..."
United States Supreme Court Justice Louis D. Brandeis sermonized in Olmstead v. United States: "The makers of our Constitution undertook to secure conditions favorable to the pursuit of happiness.. They conferred, as against the Government, the right to be let alone--the most comprehensive of rights and the right most valued by civilized men."
The Charter of Fundamental Rights of the European Union includes the "protection of personal data."
But fundamental human rights in most of the world, for instance, China and Russia, are honored more in the breach than in the observance. Most governments routinely spy on citizens indiscriminately to squelch dissent and strengthen their holds on power. Law is no more than a jumble of political calculations with ulterior motives. Even if legal protocols facially protected privacy, their enforcement would be a travesty.
Fundamental rights do change from one nation to another. Your right to liberty or a trial with the trappings of due process disappears as soon as you cross the borders into Russia, China, Iran, etc. Does any inhabitant of Moscow believe he is free of the prying eyes of Vladimir Putin at any time or for any purpose?
The demands of business efficiency and consumer welfare militate in favor of a global Internet. The international movement of data is a cornerstone of a global economy.
On the other hand, the law and law enforcement, which are chronically in tension with Internet privacy, is fractured among 200 nation states with conflicting values and interests.
Microsoft's president argues in favor of an international legal regime in which privacy rights in the form of personal data or otherwise move across borders. As applied to the United States and the EU, this would mean that the U.S. government would demand information stored only in the United States; and, in making such demands, the United States would honor the privacy rules of the EU if the target of the demand was an EU national. This approach bears similarities to the pending Law Enforcement Access to Data Stored Abroad Act (LEADS).
United States judges, however, are amateurs of EU privacy rules--including the recently minted right to be forgotten. More important, the NSA, acting under Executive Order 12333, and the Foreign Intelligence Surveillance Act of 1978, as amended, probably intercepts in real time virtually every email or phone call in the world. (Pervasive secrecy and the NSA's penchant for dissembling make an authoritative conclusion problematic). Privacy is massively breached by the United States government before storage of personal data, not afterwards. And as with nuclear weapons, predator drones, or otherwise, it is only a matter of time before the EU, China, Russia, Japan, Israel etc. acquire NSA-like capabilities to intercept unfathomable volumes of personal information during transmission before storage.
In sum, a priority in privacy protection today should focus government Panopticon-like seizures of electronic communications. The companion approaches suggested by Microsoft and LEADS are constructive, but will be eclipsed if Big Brother government is not prevented.