By Sam Pfeifle
Publications Director

It’s no secret that privacy is top of mind for many Americans – one need only read the top-of-the-fold stories in the local paper about Edward Snowden’s leaked documents or the latest WiFi hack. Hence, the time is particularly ripe for Cullen Hoback’s newly released documentary, Terms and Conditions May Apply, which takes a hard look at data collection and use by the world’s largest websites.

And, yes, the world’s governments. You can watch the film’s trailer here:

This reporter watched the entire just recently. In the film’s open, the viewer is introduced to the concept of data collection, and the rules by which that data is collected, often outlined to the user by opaque privacy notices that only the most dedicated of consumers could possibly truly consume and understand. Further, it looks at the ways in which those privacy notices changed after 9/11, the introduction of the Patriot Act and then later FISA legislation.

Suddenly, as will be news to very few readers of The Privacy Advisor, the U.S. government, and by extension the governments of its allies, had access to a vast trove of data about citizens all over the planet, much of it happily submitted by the users, themselves, to social networks and search engines, including the world’s largest, Facebook and Google.

Those of us in the privacy industry recognize a number of familiar faces. Jason Hong’s work at Carnegie Mellon (recently presented at Navigate) is mentioned. Ryan Calo, recent winner of the IAPP prize at PLSC, is interviewed. Christopher Soghoian of the ACLU gets a lot of screentime. Even a few celebrities, like electronic musician Moby or author Margaret Atwood, chime in from time to time.

Notably missing, however, are the CPOs of the companies whose data collection and distribution policies are being scrutinized (often with menacing music playing in the background).

“A lot of those bigger firms, they really didn’t want to speak on issues surrounding the privacy policies and back-end systems,” said Hoback, in an interview with The Privacy Advisor. “I had some pretty high up people putting in some requests for me, and they wouldn’t speak on those issues. That was frustrating.”

However, though Hoback makes sure to outline some of the “creepy” ways that companies have used customer data – he trots out the well-known examples of Target knowing a 15-year-old was pregnant before her father knew; the never-documented occurrence of a health insurer possibly raising premiums based on knowledge of smoking or drinking or genetics – the thrust of the film is the way that government accesses that data and uses it in ways both justifiable and potentially not.

We get real-life reports of a comedian getting a visit from the police because of a quote from Fight Club he posted on Facebook; an Irish tourist being denied entry to the United States because he said he was “off to destroy America” (meaning party really hard) in a tweet; a local theater troupe in the UK getting arrested and kept from performing during the recent royal wedding celebration after they organized activities on social media.

“The reality is,” Hoback said, “that companies are going to behave like companies, and the reason that we have a government is so that we can have some kind of collecting bargaining power about what they can and cannot do.” Hoback believes the U.S. government, in particular, has abdicated that power on its citizens’ behalf.

“I think a lot of people at these companies think these polices are overreaching and would like to see the government have less power to have access to this data,” he said. “And it undermines the trust that companies have with their customers.”

Does he think, like Leslie Harris at the CDT and journalism professor Jeff Jarvis writing in the Guardian, that these companies have an ethical obligation to collect less data and avoid some programs because they know the government will then be able to come along and scoop that data up?

“It would be nice if corporations would be that responsible,” Hoback laughed, “but a corporation, well, if there’s no regulation in place, if one corporation doesn’t take advantage of it, another one will. I don’t think it’s fair for a corporation to self-regulate, unless that self-regulation comes to be seen as a benefit in the eyes of the users. If the user sees the value of a company not using their information in a way that can be easily handed over to the government, then that service might succeed on that principle.”

After two years of researching the topic for his film, does Hoback think, as Forrester recently predicted, that privacy will be “the new green”?

He’s not sure yet. “With lack of awareness [on behalf of the consumer], there’s no incentive,” he said, but that awareness and demand is starting to increase. He noted the increase in DuckDuckGo use and the rise of Snapchat, “even though it doesn’t do what it says it’s doing.”

“People are clamoring for their digital trail to be erasable,” Hoback said, “and to be able to communicate privately. These desires are out there. If the Googles and the Facebooks of the world don’t self-regulate, then people might look elsewhere. But these tools have almost become public utilities, where people feel like they can’t leave, and if that’s the case then we need to use that collective bargaining power to limit what the government can see.”

While Hoback said he went into making the film as an investigator, but wound up an advocate, he isn’t anti-data collection. He just feels people need to wrestle back control of their data. “The things that allow marketing to happen are what allow the government to spy on us,” he said. “We really have to grapple with how we restore the autonomy to the user and give them more control. They might be willing to share their information, but right now it’s an opt-out universe. You don’t’ have control in any meaningful way.”

Perhaps the data lockers and data marketplace that Adam Theirer wrote about recently are part of the answer, Hoback speculated. However, he’s not claiming to have the answers for solving the problem – though he feels that certain U.S. government officials ought to be prosecuted for what he feels are violations of the law in their data use.

Rather, he said, he wants to raise questions and attention to the issue. “I hope people see this movie as a tool for raising awareness,” he said. “That’s how I see it. It follows my journey and it puts the audience in the driver’s seat of what’s happening.”

Editor’s Note: Terms and Conditions May Apply screens Aug. 16 through 22, at the Lake Worth, FL, Playhouse. Visit www.lakeworthplayhouse.org. It screens Aug. 16 through 22 in Washington, DC, at the West End Cinema. Visit www.westendcinema.com. It screens Aug. 16 through 22 in San Diego, CA, at the Digital Gym. Visit www.digitalgym.org. Visit www.trackoff.us for further screening dates and times.

Read More By Sam Pfeifle:
First PCLOB Meeting’s Ideas for USA PATRIOT Act; FISA Improvements May Affect Interaction with Private Industry
The Future of Data Dealer Is in the Balance
How UI and UX can KO privacy
IAPP Members in the News PRIVACY IN POPULAR CULTURE: This NSA PRISM Story Isn’t Funny … Except When It Is


If you want to comment on this post, you need to login.


Board of Directors

See the esteemed group of leaders shaping the future of the IAPP.

Contact Us

Need someone to talk to? We’re here for you.

IAPP Staff

Looking for someone specific? Visit the staff directory.

Learn more about the IAPP»

Daily Dashboard

The day’s top stories from around the world

Privacy Perspectives

Where the real conversations in privacy happen

The Privacy Advisor

Original reporting and feature articles on the latest privacy developments

Privacy Tracker

Alerts and legal analysis of legislative trends

Privacy Tech

Exploring the technology of privacy

Canada Dashboard Digest

A roundup of the top Canadian privacy news

Europe Data Protection Digest

A roundup of the top European data protection news

Asia-Pacific Dashboard Digest

A roundup of the top privacy news from the Asia-Pacific region

IAPP Westin Research Center

Original works. Groundbreaking research. Emerging scholars.

Advertise in IAPP Publications

Find out how to get your message in front the people you want to reach. Download a media kit now.

Get more News »

Find a KnowledgeNet Chapter Near You

Network and talk privacy at IAPP KnowledgeNet meetings, taking place worldwide.

Women Leading Privacy

Events, volunteer opportunities and more designed to help you give and get career support and expand your network.

IAPP Job Board

Looking for a new challenge, or need to hire your next privacy pro? The IAPP Job Board is the answer.

Join the Privacy List

Have ideas? Need advice? Subscribe to the Privacy List. It’s crowdsourcing, with an exceptional crowd.

Find more ways to Connect »

Find a Privacy Training Class

Two-day privacy training classes are held around the world. See the complete schedule now.

Online Privacy Training

Build your knowledge. The privacy know-how you need is just a click away.

The Training Post—Can’t-Miss Training Updates

Subscribe now to get the latest alerts on training opportunities around the world.

New Web Conferences Added!

See our list of upcoming web conferences. Just log on, listen in and learn!

Train Your Staff

Get your team up to speed on privacy by bringing IAPP training to your organization.

Learn more »

CIPP Certification

The global standard for the go-to person for privacy laws, regulations and frameworks

CIPM Certification

The first and only privacy certification for professionals who manage day-to-day operations

CIPT Certification

The industry benchmark for IT professionals worldwide to validate their knowledge of privacy requirements

Certify Your Staff

Find out how you can bring the world’s only globally recognized privacy certification to a group in your organization.

Learn more about IAPP certification »

Get Close-up

Looking for tools and info on a hot topic? Our close-up pages organize it for you in one easy-to-find place.

Where's Your DPA?

Our interactive DPA locator helps you find data protection authorities and summary of law by country.

IAPP Westin Research Center

See the latest original research from the IAPP Westin fellows.

Looking for Certification Study Resources?

Find out what you need to prepare for your exams

More Resources »

GDPR Comprehensive: Registration Open

New! Intensive two-day GDPR training led by the sharpest minds in the field. It's a can't-miss event.

The Congress Is Cancelled

The IAPP Europe Data Protection Congress 2015 is cancelled. Click through to learn more.

Sponsor an Event

Increase visibility for your organization—check out sponsorship opportunities today.

Exhibit at an Event

Put your brand in front of the largest gatherings of privacy pros in the world. Learn more.

More Conferences »

Become a Member

Start taking advantage of the many IAPP member benefits today

Corporate Members

See our list of high-profile corporate members—and find out why you should become one, too

Renew Your Membership

Don’t miss out for a minute—continue accessing your benefits

Join the IAPP»