Government Surveilance – Should We “Get Over It”?

As I’ve noted before, in 1999 Scott McNeely said, “You have zero privacy anyway. Get over it.” Roughly 14 years later (multiple lifetimes in terms of politics and the internet), President Obama said pretty much the same thing, albeit disguised in more erudite terms, when talking about the “conversation” we ought to have about government monitoring.

The interesting thing about his proposals about “improving” how the government goes about monitoring all of our communications is that he didn’t say we should talk about whether the government should be monitoring our communications, he said that we need to talk about the steps the government should take so that we trust them when they monitor all of our communications – so that we can have the same kind of confidence he does that it’s the right thing to do. In other words, the government is going to monitor all of your communications – get over it.

But should we get over it?

Now that we’ve had a glimpse into what the NSA is doing by “touching 1.6% of Internet information” with programs like PRISM (which facilitates the collection of data by the government from companies like Google, Yahoo, Microsoft and Facebook) and XKeyScore (which, according to the NSA training materials disclosed by Edward Snowden, is the NSA’s “widest reaching” system for developing intelligence from the Internet and covers “nearly everything a typical user does on the Internet.”) we need to be asking ourselves what level of government surveillance and data collection should we actually be permitting?

We live in an “information economy,” and the essence of an economy is transactions in some kind of currency. In this case, personal data. We regularly evaluate and criticize what the government does with our tax dollars, because we understand the current and future value of that currency. With these programs we are evaluating what the government is doing with this currency of personal data without any meaningful idea of what it’s actually worth to us and what the costs are of giving it up.

Many people look at what the government is doing and say things like, “Personally, I have nothing to hide, so it’s not really affecting me. It’s not like they’re invading my privacy. I worry about New York because it’s such a target.” In Britain, for example, the government has installed millions of public-surveillance cameras in cities and towns, which are watched by officials via closed-circuit television. In a campaign slogan for the program, the government declares: “If you’ve got nothing to hide, you’ve got nothing to fear.”

Although fairly common, that’s a very myopic view. As Cardinal Richelieu said, “If you give me six lines written by the hand of the most honest of men, I will find something in them which will hang him,” and Aleksandr Solzhenitsyn declared, “Everyone is guilty of something or has something to conceal. All one has to do is look hard enough to find what it is.” Almost everyone has “something to hide” — some intimate corners of our lives we don’t want exposed to strangers (or even worse, in some cases, people who know us), even if we’re not doing anything we think is “wrong” or “illegal.” As Billy Joel put it:

Well we all fall in love
But we disregard the danger
Though we share so many secrets
There are some we never tell
Why were you so surprised
That you never saw the stranger
Did you ever let your lover see
The stranger in yourself?

The desire for “privacy” comes out in polls that also show that people aren’t nearly as relaxed about the idea of the government reading their emails and online chats. So, when people say that they’re ok with government monitoring, what they really mean is that they don’t think the information the government is collecting (a list of phone numbers, IP addresses, etc.) will expose any of those sensitive secrets. As President Obama said, “When it comes to telephone calls, nobody is listening to your telephone calls.” Instead, the government was just “sifting through this so-called metadata.”

So, if the disclosure of metadata isn’t a big deal, let’s look at the kinds of things we’re ok with having the government “know”:

• You received a call from a private investigator, then called your mother, spent some time on the website askalawyer.com/divorce, then called a divorce lawyer. But the actual conversations were not recorded.
• You regularly receive email from Match.com even though you’re married (but no one knows what’s inside the email because they only collect the metadata, of course) and you are frequently recorded clicking through to the Match.com website where you frequently look at profiles of women looking for dates.
• You received a call from your doctor (but the conversation was not recorded), then went on Amazon.com and looked at books on cancer, then went to a website that specializes in realistic looking wigs.
• You called a suicide hotline from near the Golden Gate Bridge (since law enforcement can also access the location of your cell phone without a warrant). But the actual conversation remains a secret.
• You called a gynecologist, spoke for a half hour, and then called the Planned Parenthood chapter in a nearby state later that day. But the actual conversations were not recorded.
• Someone using a computer in your house or your mobile device regularly connects to a website with the URL kinkyfetishporn.com.

And if we add the type of data collected by license plate readers and cell phone tower records and your own GPS-tagged pictures and Tweets from your mobile device, the profile of your activities becomes fairly detailed.

But, while the idea that someone at the NSA could conceivably find these things out about you might be a little creepy, none of these things is illegal. It might make life awkward if it were disclosed, but we’re not talking about criminal behavior or matters of national security. But this is where President Obama’s “trust us” factor comes into play.

As long as the government is only using their access to “1.6 percent of all internet traffic” (which is more than Google “touches”) and the other sources in their database to look for specific terror or espionage suspects, very few people are actually going to pop up as targets. But since the existence of the program was secret before Snowden, and even the authority under which the program operated was classified, if they change their minds about the rules governing access to the database or how it’s put to use – we’re unlikely to ever know. Were someone to decide that the NSA database should be used whenever there is evidence of a crime, we could all be in trouble – for example as discussed in “How You’re Breaking the Law Every Day (and What You Can Do About It)” and the book “Technically That’s Illegal”.

This kind of data collection and analysis, which is hidden from view of (or even knowledge of) the public and the data subject creates a structural imbalance between the people and the government. The government has, under secret interpretations of laws, created secret programs that are capable of collecting and assembling enormous and frighteningly accurate dossiers on people’s personal activities. This is not a question of what people want to hide or not, it is a fundamental question about the power relationship between the government and the people.

The problems with government surveillance and aggregation of data go much further than the Orwellian “Big Brother” implications. As Prof. Daniel Solove has noted, they move to the Kafkaesque:

Government information-gathering programs are problematic even if no information that people want to hide is uncovered. In The Trial, the problem is not inhibited behavior but rather a suffocating powerlessness and vulnerability created by the court system’s use of personal data and its denial to the protagonist of any knowledge of or participation in the process. The harms are bureaucratic ones—indifference, error, abuse, frustration, and lack of transparency and accountability.

The best example of this is the TSA’s infamous “No-Fly List.” People arrived at the airport only to discover they were “on the list.” No one could tell you why you were on the list or how to get off the list, as described in great detail in this piece, which includes the following quotes from the FBI’s FAQ about the No-Fly List:

Can I find out if I am in the TSDB? [that’s Terrorist Screening Database]

The TSC cannot reveal whether a particular person is in the TSDB. The TSDB remains an effective tool in the government’s counterterrorism efforts because its contents are not disclosed. If TSC revealed who was in the TSDB, terrorist organizations would be able to circumvent the purpose of the terrorist watchlist by determining in advance which of their members are likely to be questioned or detained.

I am having trouble when I try to fly or cross the border into the United States. Does this mean I am in the TSDB? No. At security checkpoints like our nation’s borders, there are many law enforcement or security reasons that an individual may be singled out for additional screening. Most agencies have redress offices (e.g., Ombudsman) where individuals who are experiencing repeated problems can seek help. If an individual is experiencing these kinds of difficulties, he/she should cooperate with the agency screeners and explain the recurring problems. The screeners can supply instructions on how to raise concerns to the appropriate agency redress office.

As the article points out, “So they won’t tell you if you’re on the list, and if you’re denied the ability to fly you could be on it… but then again, not necessarily, because other government agencies have their own secret blacklists.”

Solove goes on to highlight two more problems with this type of governmental data collection:

A related problem involves secondary use. Secondary use is the exploitation of data obtained for one purpose for an unrelated purpose without the subject’s consent. How long will personal data be stored? How will the information be used? What could it be used for in the future? The potential uses of any piece of personal information are vast. Without limits on or accountability for how that information is used, it is hard for people to assess the dangers of the data’s being in the government’s control.

In other words, without understanding the value of the currency the government has collected, we can’t accurately decide what we’ve given up and whether the government is making good use of this currency.

Yet another problem with government gathering and use of personal data is distortion. Although personal information can reveal quite a lot about people’s personalities and activities, it often fails to reflect the whole person. It can paint a distorted picture, especially since records are reductive—they often capture information in a standardized format with many details omitted.

For example, suppose government officials learn that a person has bought a number of books on how to manufacture methamphetamine. That information makes them suspect that he’s building a meth lab. What is missing from the records is the full story: The person is writing a novel about a character who makes meth. When he bought the books, he didn’t consider how suspicious the purchase might appear to government officials, and his records didn’t reveal the reason for the purchases. Should he have to worry about government scrutiny of all his purchases and actions? Should he have to be concerned that he’ll wind up on a suspicious-persons list? Even if he isn’t doing anything wrong, he may want to keep his records away from government officials who might make faulty inferences from them. He might not want to have to worry about how everything he does will be perceived by officials nervously monitoring for criminal activity. He might not want to have a computer flag him as suspicious because he has an unusual pattern of behavior.

Our privacy is not being stripped from us in one fell swoop – that would cause an uproar. And, as I’ve mentioned before, we are complicit in the erosion of our own personal privacy given the amount of data we willingly give out. But look at where we already are and where we could easily go:

• The government is monitoring the phone numbers you call and the ones that call you. “Well,” you say, “that helps them catch terrorists and criminals, and they’re just checking phone numbers, not listening to my calls.” But they don’t tell you how long they’re keeping your phone records or who is looking at them. So you just assume that they are all being logged. So do the criminals/terrorists, so they use methods to make this process more difficult for the government. The cleanest, easiest to analyze records belong to the law abiding citizens who have nothing to hide.

• Then the government might start monitoring some phone calls. But, of course, in order to prevent the criminals/terrorists from circumventing this, they keep the monitoring program a secret. When it becomes public knowledge, you say, “Well, my life is boring. If they want to listen to me talk to Marie about her bunions, well that’s just fine. I’ve got nothing to hide and it’ll help them catch the criminals and the terrorists.” The sophisticated criminals and terrorists move on to other, more secure means of communicating, and the only calls that get recorded are the general public and the criminals too dumb to use a different tool.

• The local and state police are monitoring where your car goes by photographing the license plate and putting it into a database. “Well,” you say, “that helps them identify stolen cars, and it might help them with one of those Amber alerts.” Again, it’s difficult to find out how long this information is stored, who has access to it and how it is being used.

• The government might install more video cameras in public places (or if you’re in the UK, they already did). “Well,” you say, “those cameras prevent crime and they help solve crimes. I’m not doing anything wrong – I don’t care if someone’s watching me.” There have been studies to show that the cameras in the UK don’t have a significant impact on solving crimes, but as with each of the other measures, it’s difficult to find out how long this information is stored, who has access to it and how it is being used.

• The government is capable of monitoring who you email and who emails you. “Well,” you say, “I feel sorry for the poor shmuck who has to look at that. I don’t do anything interesting, and if it helps them protect us from the terrorists, that’s ok.” Like the phone records, they don’t tell you how long they’re keeping your email history or who is looking at them. So you just assume that they are all being logged. So do the criminals/terrorists, so they use methods to make this process more difficult for the government. The cleanest, easiest to analyze records belong to the law abiding citizens who have nothing to hide.

• The government is capable of monitoring every website you look at. They record them and never delete them, creating a history of what you were thinking and interested in at any given time that is far more accurate than your own memory. “Well,” you say, “that’s a little creepy. But no one actually looks at that stuff unless they think you’ve done something wrong.”

Each step seems trivial, and is only a minor intrusion given each of the previous steps, and, after all, it’s for a good cause. But after a while, the government will be watching and knowing everything about us in near real-time. We will have willingly walked into the Panopticon.

As Julian Sanchez wrote here,

It’s slow and subtle, but surveillance societies inexorably train us for helplessness, anxiety and compliance. Maybe they’ll never look at your call logs, read your emails or listen in on your intimate conversations. You’ll just live with the knowledge that they always could — and if you ever had anything worth hiding, there would be nowhere left to hide it.

So, if you’ve read this far, I think you know my answer. We should not “go gently into that good night” of the Panopticon, just because the government says its for our own good. The 4th Amendment to the US Constitution says,

The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

The wholesale collection of data and personal information by the government “just in case they need it in the future” is inconsistent with the principles of the 4th Amendment and it should be stopped. The government’s approach treats us all as potential criminals/terrorists whose information needs to be collected just in case they discover a reason to put us under the microscope. This premise is anathema to the concept of innocent until proven guilty. Information should only be collected about a person who is legitimately under investigation or who is identified as being reasonably related to an investigation. Government data collection should be subject to reasonable limitations on scope, duration of retention, use and access, and there should be a more reasonable way for the public to know about and approve (or disapprove) these programs. We should not have to rely on people like Edward Snowden (whatever you think of him) to bring these issues to the public consciousness.

Advertisements

About John Nicholson

I'm a transactional attorney who focuses on structuring and negotiating large outsourcing transactions (both on and offshore). As part of my work, I've specialized in: - Structuring and negotiating large outsourcing transactions (both on and offshore) including IT outsourcing and various BPOs (including HRO, Facilities Management, Procurement, Finance and Accounting), large systems development and implementations; - Assisting with development of RFPs, proposal evaluation, down select, and negotiation; - US and European privacy laws, including US Safe Harbor, and state privacy and data breach notification laws; and - Privacy, security, legal and contractual issues associated with cloud computing. I'm a frequent speaker on outsourcing, privacy and security issues. Before becoming a lawyer, I was the acting IT director for a mid-size company prior to hiring the CIO and project manager for the company's Oracle Financials implementation.
This entry was posted in privacy, social media and tagged , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s