Tuesday, November 18, 2008

Obama's Privacy Challenges

I want to continue to delve deeply into the possible opportunities and pitfalls an Obama Administration might offer to privacy advocates. It goes without saying we're in store for a seismic shift in comparison to the draconian Bush Administration, but it remains unclear whether we have a true champion in Obama. His vote for telecom immunity and the egregious FISA bill is enough on its own to douse my hope and optimism with a strong dose of reality.

An interesting question for Obama will now most certainly be: What do I do with all that personal information from my huge database of volunteers?

Sarah Lai Stirland of Wired Magazine details this cunnundrum in her article: "Barack Obama's Privacy Challenge".

She writes:

While both Democrats and Republicans used databases to profile and target voters to get out the vote, it's the Democrats who have historically been big privacy advocates, but who during this election cycle profited politically from the sophisticated integration of all the data contained in state level voter files, commercial databases, and from canvassing information that was also added by millions of volunteers.

All that data collected during the 2008 campaign now sits in databases controlled by the Obama campaign and the Democratic National Committee, in addition to third-party vendors such as Catalist.


What will the Obama campaign do with all this data? It's not saying. A query to the Obama press office last week went unanswered. Catalist, the Democratic data firm profiled earlier this year in Wired magazine, declined to answer any questions. A spokeswoman referred all queries to the Obama campaign.


The Obama campaign's privacy policy states that it generally doesn't make your personal information available to anyone other than its campaign staff and "agents," but that it might share it with organizations that have similar political goals. That's a pretty big loophole.

Ironically, the Obama campaign's own technology policy platform (pdf) promises the electorate that an Obama administration will "safeguard our right to privacy."


But as the "Joe the Plumber" data breach incident, and the State Department breach of the presidential candidates' passport information showed, whenever personal data is easily accessible, the temptation is there to use it for some other reason than the purpose for which it was originally collected.

Deborah Pierce, founder of the non-profit group Privacy Activism, suggests that the Obama campaign adopt the Organization of Economic Cooperation and Development's fair information principles.

These principles state that there must be no secret record-keeping systems, that there must be a way for individuals to find out what information an organization has about them, and how it's used. Moreover, people should have the right to prevent the information from being used in any other ways than what they gave permission for in the first place. They should also be able to correct erroneous information about themselves, and have assurances that the entity holding the information about them holds it in a secure fashion.

Certainly the OECD's fair information principles seem like a perfectly reasonable guide to privacy policy when it comes to these kinds of campaign databases. I think its also reasonable to expect that the Obama campaign should make its actions transparent to his millions of online supporters. So if President Obama wants to share your data with another candidate, he might want to let you know this...hell, I'm still getting emails from his campaign on a daily basis about everything else under the sun! :)

No comments: