Privacy At Home
One of the central themes in the FreedomBox project is hosting services in one's home to benefit from additional legal protections for privacy that may not apply to similar services in the cloud.
More than the simple benefit of "hosting one's own services" these legal protections may provide a substantially better level of privacy often by requiring additional steps for third parties to access the data.
Cloud based services are not necessarily or categorically "anti-privacy", but their legal obligations are often different than those for individuals. For example we have seen a recent set of "voluntary" actions by companies in both the EU and US jurisdictions are undermining constitutional and legal freedoms. Examples include:
- The Eircom case in Ireland
The US attorneys general campaign to persuade Craigslist to delete their adult service section
- Amazon's decision to remove Wikileaks' web hosting
This page is not intended as legal advice nor attempts to be a comprehensive reference for interpretation of law in the myriad of global jurisdictions. The purpose of this page is to collect pointers to laws, legal opinions, and other references which elucidate the special case of privacy at home.
The Fourth Amendment (Amendment IV) to the United States Constitution is the part of the Bill of Rights which guards against unreasonable searches and seizures when the searched party has a "reasonable expectation of privacy". The amendment specifically also requires search and arrest warrants be judicially sanctioned and supported by probable cause.
The European analogy of the 4th amendment is spread out over several articles of the European Convention on Human Rights (ECHR). For example article 6, which is about due process, and article 8 which is about privacy could be argued as analogs to the 4th amendment.
- Article 8 provides a right to respect for one's "private and family life, his home and his correspondence", subject to certain restrictions that are "in accordance with law" and "necessary in a democratic society".
Note that article 15 warrants secrecy of correspondence and all communication and requires an order by a court having jurisdiction to remove that secrecy.
Strictly speaking, the EU has at least the same protections as the US 4th amendment, in particular via Council of Europe Recommendation R(87)15 and the EU Framework Decision.
Also it is important to consider the EU Charter of Fundamental Rights.
Germany has privacy provisions in its constitution (articles 10 and 13).
Italy has privacy provisions in its constitution.
The following are basics of the Polish Criminal Proceedings (all the rules established by the the European Convention on Human Rights and the Court also apply):
The search and seizure can be performed only by a prosecutor or the police (in general, the police have to have a court's order). A search should be conducted with moderation and with observance of dignity of persons who are subject to search, and without causing unnecessary damage and ailment (Article 227 of the Polish Code of Criminal Proceedings - CCP). A person who is subject to search must be notified of the search before and must be asked to disclose all items that are sought. The police should present the order of the court or prosecutor (Article 220 § 3 of the CCP). In urgent cases, if the decision of the court or the prosecutor has not been issued yet, the police officer making the search has to show his ID and/or the order issued by his superior, and then he has to return immediately to the court or prosecutor to approve such a search.
Such search approval decision of the court or prosecutor shall be served to the person who has been searched, within 7 days from the search. If, within 7 days from the date of the search there are no court's approval, all seized things shall be returned immediately to the person entitled, unless they were given voluntarily and that person has not requested return of these things. The rightful owner should have immediately returned things that are not needed for criminal proceedings (Article 230 § 1 and 2 CPC).
A similar provision can be found in § 37 of the Constitution of the Republic of Slovenia. Other important articles include §§ 38,29.
Please find the official English translation of the articles in question quoted below:
- Article 37 (Protection of the Privacy of Correspondence and Other Means of Communication)
- The privacy of correspondence and other means of communication shall be guaranteed.
- Only a law may prescribe that on the basis of a court order the protection of the privacy of correspondence and other means of communication and the inviolability of personal privacy be suspended for a set time where such is necessary for the institution or course of criminal proceedings or for reasons of national security.
- Article 38 (Protection of Personal Data)
- The protection of personal data shall be guaranteed. The use of personal data contrary to the purpose for which it was collected is prohibited.
- The collection, processing, designated use, supervision, and protection of the confidentiality of personal data shall be provided by law.
- Everyone has the right of access to the collected personal data that relates to him and the right to judicial protection in the event of any abuse of such data.
- Article 39(Freedom of Expression)
- Freedom of expression of thought, freedom of speech and public appearance, freedom of the press, and other forms of public communication and expression shall be guaranteed. Everyone may freely collect, receive, and disseminate information and opinions.
- Except in such cases as are provided by law, everyone has the right to obtain information of a public nature in which he has a well founded legal interest under law.