Data Shadows & Improbable Consent

new trends in ‘compulsory voluntarism’ raise the spectre of ‘consenting’ to infringed liberties against one’s will

A contract is legally binding only when: all signatories freely and voluntarily agree to its provisions; all provisions are themselves legal; none of the provisions is inherently unreasonable or deceptively worded. Neither contracts nor “terms and conditions” including indemnities disclaimers, can be classified as legislation. They do not make or construct legal limits by themselves.

Obvious as this may seem, it is a necessary introduction to the problem of the trade in personal information and “soft surveillance”. Another vital piece of information is the Fourth Amendment to the US Constitution, which ensures “The right of the people to be secure in their persons, houses, papers and effects” and that such barriers cannot be breached except by judicial warrant, brought after providing evidence of “probable cause”.

Yet in today’s America, one is routinely subjected to interrogation, inspection and even physical search, not for having broken any laws or even aroused any reasonable suspicion, but simply because “that’s policy”. It would require a complicated and somewhat unlikely federal civil rights trial, and a decision of the Supreme Court to test the constitutionality of mandating that all visitors to a given location be subjected to procedures against which they are protected under the Constitution.

It is even unclear, after all, whether one’s momentary consent to physical searches is really a dissolution of the constitutionality problem. Because, after all, a population cannot vote its voting rights out of existence; they remain a requirement for governments and elections at all levels, within the US, under the Constitution.

So, the civil liberties conflict does exist. And it hinges on one central and unavoidable question: does pursuing the innocent routinely and en masse aid in the capture of the guilty? The threshold for meeting this requirement is raised to an extreme when one considers that “guilt” in terrorism cases is often speculative, or regarding possible future acts and not past crimes.

Remember, all 19 hijackers on the 4 doomed flights of 11 September 2001 cleared security checks and had legal documentation. Increased scrutiny of innocents would not have increased the likelihood of their being intercepted; in fact, it may have distracted even more from doing so.

Instead, it would have required better exercise of routine criminal investigations, brought on financial evidence, links between known terrorism suspects and testimony from some flight schools, to increase the likelihood of foiling their operation. It was existing criminal investigative channels that would have served the public best, but officials opted not to act on field agents’ advice in a number of key moments.

So, with this in mind, we can examine the new trends in information gathering, the often questionable means by which it is conducted, the ways in which some openly profit from the private personal information of others, and whether such methods, legal as they may be, serve to undermine protections against misuse of personal information.

Considering contracts again, their “terms” are only legally binding where all parties understand and agree to their specific provisions (this is why websites routinely require users to check a statement affirming they have read and understand the “terms and conditions” and then to click another button approving the contractual transaction).

Indemnities disclaimers are only sustainable where a reasonable claim of “informed consent” can be sustained, and where the claim of immunity is not wildly unreasonable and does not contravene basic contract, civil rights or public safety laws.

Yet, as it stands, any individual submitting personal information to a business can only expect, with certain limitations, the level of privacy promised in that company’s “privacy policy”. Though consumers may be left with little choice, the burden is essentially on them to determine where the safest line can be drawn and to whom to give their information.

If personal information is redistributed in keeping with the privacy policy of a given company or organization (a few years back the state of Pennsylvania was forced to change its policy whereby it was selling driver’s license information to marketing firms), and the third-party misuses that information, the first company is not held responsible.

But, consumer protections could be put in place, and means of doing so are increasingly available, both under law and in the way of internet-related personal information-sharing regulations, to render the collecting party liable for any further distribution of personal information. Some would like to see redistribution prohibited altogether, or else for the reselling company to first get explicit permission from consumers for any and all resales, each time, with specific reference to any intended recipient.

The impracticality of that has led to a common trend where to avoid legal troubles, businesses will give consumers the option to refuse rerelease of their personal information or even refuse to permit the company itself to contact them for marketing purposes. Privacy experts have suggested that though convenient for web-browsing and for quick purchasing online, the use of “store my information” features on the web should be limited or engaged only with genuine skepticism about long-term security of information.

But the ‘data shadow’, this mark one leaves when tracing a path through cyberspace, is increasingly a liability the individual must deal with, and whose possible ill-effects one must know how to combat or forestall. The trend toward gathering a maximum amount of information in all circumstances, under the guise of security is of dubious purpose.

As Microsoft advised the UK government in light of plans to create information-intensive national electronic-biometric ID cards, such schemes can create an unprecedented opportunity for fraud and for irreversible harm to the individual’s ability to maintain a private sphere. Technically speaking, no ultimatum can be considered a process of legitimate consent.

So, while those who work to secure buildings, infrastructure and travel, from real threats of violence and sabotage, may find participate or no-entry security procedures useful, the individual may find that over time, the effect of widening patterns of blanket security measures will be higher costs built into product and service pricing and a verifiable reduction of actual freedom of movement at the individual level.

– – – 

Originally published January 2, 2006, at, then

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s