President Donald Trump mandated Wednesday that agencies withhold privacy protections from people who aren’t U.S. citizens, which puts relationships with other countries at risk, according to a policy manager at Mozilla.
Heather West, senior policy manager of Americas Principal at Mozilla, said these orders contradict the Privacy Act, which does cover non-U.S. citizens. The Department of Justice has agreements with about 27 countries to protect the privacy of their citizens, according to West.
“I think that undermining that would be a mistake,” said West, at an event Thursday on Privacy and the New President sponsored by the National Cyber Security Alliance and Twitter. “Who knows what happens next.”
“Agencies shall, to the extent consistent with applicable law, ensure that their privacy policies exclude persons who are not United States citizens or lawful permanent residents from the protections of the Privacy Act regarding personally identifiable information,” stated Trump’s Executive Order on Enhancing the Public Safety in the Interior of the United States.
Trump signed this executive order on the same day that he approved an executive order that would allow the administration to begin building a wall between the United States and Mexico, and agencies to report on immigrants crossing the border.
“The Secretary [of Homeland Security] shall, on a monthly basis and in a publicly available way, report statistical data on aliens apprehended at or near the southern border using a uniform method of reporting by all Department of Homeland Security components, in a format that is easily understandable by the public,” stated the Executive Order on Border Security and Immigration Enforcement Improvements.
These two orders combined would enable the government to collect and store personally identifiable data on people illegally crossing the border into the United States from Mexico. That would help agency officials track and deport people in the country illegally.
U.S. companies have begun asking themselves if they should be storing the data they store and how they should be using it. Company privacy shields currently protect everyone in their databases regardless of citizenship, according to West. A group of technology company employees signed a pledge in December, saying they would not use the data they collect to create a database of Muslim citizens, because of fears about the new administration’s rhetoric.
“I’m glad we’re asking the questions,” West said. “There’s going to be a long wait to see exactly what happens.”
Technology companies take steps to ensure that the data they collect doesn’t affect users’ privacy by asking certain questions.
“Does it involve personally identifiable information and if it doesn’t, could it be combined with other aspects to make it personally identifiable?” said Lori Fink, chief privacy officer at AT&T.
In order for users to potentially put their privacy at risk, the device or service that companies provide needs to be valuable and do something original, according to Michelle Dennedy, chief privacy officer at Cisco. For example, smart cities can collect individual traffic data in order to study congestion patterns to redesign specific roadways.
The government also has some responsibility to make sure consumer privacy is protected along with companies, according to Dennedy.
“Hopefully it’s not a limitation of innovation,” Dennedy said. “I think that there is a blended responsibility.”
Eve Maler, vice president of innovation and emerging technology at ForgeRock, said that it comes down to asking users how they want their data to be used, to make sure companies don’t step on toes.
“Lean into consent,” Maler said. “You’re going to have to ask them what they want done with their data and then do it.”
The National Security Agency (NSA) and the CIA recently have made changes to policies regarding privacy. The NSA gained the power to share globally intercepted communications with other intelligence agencies before applying privacy protections. The new rules, which significantly relax the requirements placed on the NSA, were signed by then-Attorney General Loretta Lynch on Jan. 3.
Two days before Trump’s inauguration, on Jan. 18, the CIA released rules that strengthen privacy protections. The new provisions mark the first time that these rules have been updated since 1982.
The rules provide protections for unevaluated information, restrictions on queries of sensitive data sets, strong requirements for the handling of electronic information, mandates that officers disclose who they are when they participate in data collection and sharing, and the expectation of periodic auditing.