Nonprofit, independent journalism. Supported by readers.


Why doesn’t the state protect our online privacy? It’s not as easy as you think

Because of court rulings and other factors, Minnesota’s lawmakers are focusing on small-bore issues where they can exert some control.

Minnesota Coalition on Government Information spokesman Don Gemerling: “There’s been almost no consumer privacy legislation proposed in the last six or seven years.”
REUTERS/Kacper Pempel

What with Facebook mining every bit of wit and wisdom we post online, Google Earth spying on our backyard doings, supermarkets tracking our cookie-buying habits and now the National Security Agency sucking up information on cell phone calls and emails like a Dyson DC41, Americans could be forgiven if we started wearing tinfoil hats to try to keep our thoughts to ourselves.  

At the very least, most of us would like some kind of control over the information that is collected about us. But for a few limited controls, little is happening in Minnesota.

The European Union, however, has taken action. Only a couple of weeks ago, it adopted a draft of stringent regulations to protect consumers in its 28-member nations. Among other things, the measure would limit the tracking and profiling that allow for targeted advertising and let consumers make companies erase their personal information. It’s hard to say whether the final version will be as tough. Many Internet companies whose advertising revenues depend on such activities are likely to lobby heavily to save their business models.

The United States can’t claim to have got even as far as a draft, however. At this point, there’s no reason to think that NSA computers are going to stop harvesting reams of data about every citizen. Congress hasn’t updated the Electronic Communications Privacy Act, passed in 1986, back before the dawn of the Internet.  

Article continues after advertisement

And though the White House last year put forward a privacy bill of rights for consumers, nothing much is likely to come of it given Congress’ current anti-regulatory stance. So we are left with a system that protects a few patches of privacy, for example, health records, data about kids under age 13 and some credit information. Otherwise, we have to depend on the assurances of businesses and local governments that they will not sell, give away or lose what they know about us.

State legislators, like little Dutch Boys, have stuck fingers into this ever weakening levee of privacy with a hodge podge of new regulations. Some of the new laws are so idiosyncratic, that you have to conclude that they were passed not so much because of a desperate need but because a few lawmakers had bees in their bonnets. California, the privacy leader, passed measures that give kids the right to erase social media posts that they later wish they’d never written. (The law does not require social media companies to erase nastygrams written by others, say, schoolmates, however.) Three states enacted laws governing inheritance of digital information, like Facebook pages.

Minnesota efforts

So what is Minnesota doing?

“Not much,” says Don Gemerling, a spokesman and advocate for the Minnesota Coalition on Government Information, a nonprofit group that tries to influence what information the government should classify and what should be made public.

“Is Minnesota falling behind the curve?” asks Rich Neumeister, a privacy crusader, who has been working as a — yes — private citizen on the issue for the past 30 years. Previously, he says, the state led the charge to exceed federal protections against wiretapping. “What the Legislature has done has been almost nil.”

In fairness, there’s only so much a state can do, says Steve Simon (DFL-Hopkins), who chairs the House’s Committee on Data Practices, which confines itself to regulating information collected by governments in the state. The Legislature has to walk a fine line. “There is a tension at play,” he says. “The government can get into trouble for disclosing too much or disclosing too little.”

One issue he plans to examine this year, though he has no particular legislation in mind: making sure that information on MNsure, the state health care exchange, is secure.

Moreover, with information sloshing hither and yon over networks that don’t stop at state or national borders, states would be hard put to enforce broad data policies. That, says Gemberling, and the fact that the courts have ruled that what you and I may consider to be our information is the property of our cell phone carrier or Internet provider may explain why, he says, “there’s been almost no consumer privacy legislation proposed in the last six or seven years.”

So legislators have focused on small-bore issues where they can exert some control.

Article continues after advertisement

Reading license plates

Among the most controversial issues is the use of data collected by ALPRs or Automatic License Plate Readers. The devices can be mounted in police squad cars or at fixed spots, like telephone poles or bridges. They scan and collect license plate numbers from cars that pass by and give each a time and date stamp and their location, say, 5th and Oak Street. A computer runs the numbers through various databases for stolen cars, car owners subject to felony warrants and so on and “dings” when it gets a hit. The cops can then pursue. According to testimony before the state House Civil Law Committee, police have also used the data weeks after it was collected to investigate and solve serious crimes. The St. Paul police, for example, pinpointed the location of a murderer’s car using an ALPR.

Nobody is debating the usefulness of the system, which seems to be coming into greater use across the state. However, police departments have the capacity to retain the data ALPRs collect indefinitely, even for citizens who haven’t done anything remotely incriminating. But data, however, may be used not only to solve crimes but in other legal proceedings. By illustration, in a divorce case, Mr. X could get a subpoena for Mrs. X’s ALPRs data to show that her car stopped at 5th and Oak, where she regularly visits Mr. Extracurricular.

So the question comes, says Simon: “How long should the data on innocent citizens be kept?” There is no national guideline; Los Angeles County keeps data for five years, Maine for 21 days and Boston 90 days. There’s also a wide range of time limits around the state, and Minneapolis Mayor R.T. Rybak, after realizing that the city was sitting on tubs of such data, asked the Legislature to determine what should be done with it. (Right now, it’s classified.)

Police officials who testified advocated 180 days, but John Lesch (DFL-St. Paul) successfully argued in debate on the state House floor,”It’s not up to the police to know where you’ve been for the last 180 days.” The House passed a bill saying that data on presumably innocent folks should be spiked after a first run through various databases However, the Senate has not yet taken up the matter.

Social media snooping

Another measure would have prohibited employers from requiring their workers to give them passwords to social media sites or lose their jobs. The practice sounds pretty heavy-handed, but apparently, some companies worry that their staffers might reveal the special sauce recipe or drop tips about company stock on their Facebook pages. And, of course, knowing employees’ passwords would tend to inhibit them from bad-mouthing the company or its products to their friends.  

Considering that computers are gulping down vats of data about who we call and email and when, this seems like small potatoes. But such laws are pretty popular. The National Conference on State Legislatures reports that 10 states passed such prohibitions and 26, including Minnesota, are considering one. Bills were introduced in both the Minnesota Senate and House but went nowhere last year.

Drone dangers

Minnesota was one of 42 states in which legislation was proposed to limit or outlaw drone surveillance. Eight states have already enacted laws. Phyllis Kahn (DFL-Minneapolis), who introduced the measure in the House, says that she was prodded into action by her feelings that drone surveillance is “such a totally outrageous thing.” Her bill, which 35 other legislators signed onto, would outlaw use of drones on private property without the permission of the owner and restrict law enforcement, including federal authorities, from using drones to gather evidence in an investigation. Her bill allows exceptions if law enforcement has a search warrant, needs to “counter a terrorist attack” or faces an imminent danger.

How would Minnesota stop the FBI or ATF from flying drones overhead? After all, it’s not likely that the governor would send the Air National Guard to shoot them down. Kahn laughed. “That provision is likely to go,” she says. “My bill is just the opening conversation.”