The problem with Privacy

The problem with Privacy - Summer 2007

In 2003, David Nelson, an Illinois trial attorney embarking on a business trip, stepped up to the ticket counter and greeted the airline agent. His wife and children stood behind, having come to see Nelson safely off.

As he waited for his boarding pass, the agent asked to see his driver’s license and posed questions frequent air travelers can recite from memory: Has anyone unknown to you asked you to carry an item on this flight? Have any of the items you are traveling with been out of your immediate control since the time you packed them?

But the agent’s demeanor soon changed. There were more questions, each more pointed and suspicious. Then, as his wife and kids looked on, several police of?cers with dogs appeared. Nelson was taken to an inspection area where of?cials peppered him with more questions. After a long and nerve-wracking interrogation, Nelson was released.  

By 2004, Nelson had repeated this scenario some 40 times. His crime was in name only. A ?awed security system confused him—and every other passenger bearing the same moniker—with a suspected terrorist named David Nelson.

Following 9/11, the Transportation Security Administration hurriedly created a “no-?y” list, intended to warn airline of?cials to possible security threats. In their rush, they neglected to equip the system with any mechanism for distinguishing between terror-suspect David Nelson and an innocent lawyer from Illinois. All David Nelsons—even former child star of the 1950s TV sitcom The Adventures of Ozzie and Harriet, stopped on his way to visit his daughter in Utah—were subjected to unnecessary and unnerving interrogations.

In a time when airplanes are hijacked and used as weapons to kill thousands, most airline passengers expect long security lines, more rigorous searches of their bags, and closer scrutiny of identi?cation and ?ight documents. And, for the most part, few argue against these measures. But when security leads to problems beyond simple inconvenience—as was the case with David Nelson—many protest. Loudly. But is that protest justi?ed?

We expect the government to use its power to screen dangerous persons from boarding airplanes, stop terrorists from entering our borders, or prevent criminals and the mentally unstable from buying guns. In times of war, Americans have been willing to accept limited periods of more intrusive government collection of personal information.

If mismanaged or abused, however, personal information can be used to the opposite effect—misidentifying the terrorist about to board an aircraft with malicious intent or the detention and arrest of innocent people. Privacy advocates ask, are we giving up too much personal privacy for security and safety? Privacy is one of the fundamental liberties that makes the United States a classically liberal and open democracy. Professor Emeritus from the University of Western Ontario and long-time privacy authority David Flaherty wrote 30 years ago during the Cold War that privacy distinguishes us from totalitarian states such as the Soviet Union and East Germany. Totalitarian states allow their citizens little privacy and maintain a high degree of personal surveillance over them. Liberal and open democracies provide their citizens with privacy protections and transparency on the use of their information.  

Advocates for security and privacy view the paradigm as a balancing act—if one gives up ground, the other must lose some. The model sets privacy and security in opposition to each other. Law-and-order advocates will sneer at privacy advocates as being soft on terrorists and privacy advocates will sneer at law-and-order advocates as wanting to build a police state. But is that the right model? Is it possible to have privacy “baked into” our security measures—to have both without giving up one or the other?


The problem with Privacy - Summer 2007

What is privacy?
In a traditional sense, privacy meant that citizens had the right to be safe in their homes from unreasonable search and seizure. But inventions in technology and the growth of the country have dramatically altered the accepted definition of privacy. Justice Louis Brandeis was among the first legal minds to consider how new technology affected privacy. In a seminal Harvard Law Review article from 1890, he grappled with how a new technology might invade our privacy and portray individuals in a false light. That new intrusive technology was the portable camera.  

In the early 1970s, the widespread government use of mainframe computers made the storage, access, and sharing of personal information cheap and easy. The dawn of the digital age, combined with government abuses during the Watergate scandal, caused Congress to pass the Privacy Act of 1974. The law required the government to observe protections such as notice, access, and redress regarding the use of Americans’ personal information. 

Today, the definition is vastly expanded to include information in cyberspace. For that reason, data privacy is where the privacy debate is taking place today. The digital world is not an easy thing to touch, feel, and kick, however. Because data privacy is not easily perceived, the issue appears much more as an abstract. Indeed, if you ask 100 privacy experts the meaning of privacy you’ll likely get 100 different answers. Perhaps the best definition was given by Supreme Court Justice Louis Brandeis in 1928 when he wrote that privacy is “the right to be left alone.”

As privacy becomes more abstract, it becomes more difficult for the average person to care about their personal information. According to the Ponemon Institute, a nonprofit think tank created to study privacy and data collection, Americans are either privacy centric, privacy sensitive, or privacy complacent. Privacy centric individuals, who account for 12 percent of the nation’s population, alter their behavior to protect their privacy. The 68 percent of citizens who are privacy sensitive might alter their behavior depending on the trade-offs for the convenience gained, such as enrolling in a frequent-flyer traveler program in exchange for a shorter security line at the airport. The remaining 20 percent are privacy complacent, meaning that they take no action to protect their privacy.

A typical privacy-complacent person might react, “Well, if I’m not doing anything wrong, why should I worry about giving up my personal information?” The privacy-sensitive person might say, “I know I’m not doing anything wrong, but I don’t know about the guy sitting next to me on the plane and wouldn’t mind if you watched him.” As for the privacy-centric individual: “If I’m not doing anything wrong, then you have no cause to watch me.”

There are selected moments when most Americans can be privacy centric. In January 2002, the Defense Advanced Research Projects Agency proposed to integrate numerous information systems to identify potential terrorist threats through the Total Information Awareness program—TIA for short. TIA would create a database of an unprecedented scale, combining data on bank accounts, credit cards, brokerage accounts, educational history, travel patterns, medical history, immigration status, housing, telephone calls, Internet usage, and biometric data such as digital photographs, fingerprints, iris data, driver’s licenses, airline tickets, rental car records, gun purchases, and criminal records. Following intense public criticism that the development and deployment of these technologies could potentially lead to a mass Orwellian surveillance system, the project lost funding from Congress in 2003.

Even our trash left at curbside may give away our most personal secrets to the government. In a recent Montana court case, the judge who upheld the police search of a suspect’s trash, did so reluctantly: “… I know that my personal information is recorded in databases, servers, hard drives, and file cabinets all over the world. I know that these portals to the most intimate details of my life are restricted only by the degree of sophistication and goodwill or malevolence of the person, institution, corporation, or government that wants access to my data. I also know that much of my life can be reconstructed from the contents of my garbage can.”

In short, the government can access our identities from the range of personal information collected and stored in its databases to the DNA found in our trashcans. Some of it is collected with our knowledge…and some without.

The problem with Privacy - Summer 2007

Privacy post-9/11
Since 9/11, new laws have allowed those in government to share more of our information for a new and different purpose. The intention is to counter terrorism, but methods can extend to collecting information for seemingly benign purposes. For example, personal information collected for Social Security benefits, issuance of driver’s licenses, or census data can be shared with others who assert national security reasons. Recently, it was revealed that during World War II information provided to the census under a pledge of confidentiality was passed along to the FBI to determine where Japanese-Americans were living.  

Several of the 9/11 hijackers obtained false drivers licenses and passports. Consequently, the mundane act of processing driver’s licenses became part of the war on terror. Congress responded in 2005 by passing the REAL ID Act, which sought to improve the standards for what is required to obtain a driver’s license. When instituted, this will give the federal government power to set standards on issuing driver’s licenses. Thus, at the same time that we look to the government for protection against terrorists, we expect the government to provide licenses to millions of us as we wait.

Why should we care about privacy even with driver’s licenses? Privacy advocates argued that REAL ID would allow the federal government to create the mother of all databases for total surveillance of anyone who holds a driver’s license. This fear has not been realized.

Following 9/11, Americans looked to the government to take immediate and bold steps to protect us from further attacks. Congress swiftly passed the USA PATRIOT Act and the Intelligence Reform Act to improve the use of personal information for counter-terrorist purposes. The FBI was given expanded powers to use “national security letters” that allowed for the collection of information about someone’s telephone, reading, and buying habits.

At the same time, the 9/11 Commission, and later Congress, saw the potential threat to individual privacy and created the President’s Board on Safeguarding Americans’ Civil Liberties. Composed of a bi-partisan group of five members with experience in both privacy and security fields, the board is charged with reviewing the terrorism-information sharing practices of the government and to advise the President on whether appropriate guidelines are in place to protect privacy and civil liberties. The board is reviewing many of the more controversial programs, such as the NSA wiretapping program, and is expected to issue its first report soon.

Nearly six years after President George W. Bush and other global leaders declared war on terrorism, governmental institutions—at the behest of Congress, inspectors general, and the public—are re-examining many of the extraordinary measures that were implemented as part of wartime strategy. The review has revealed flaws in several national security initiatives and identified ways to make improvements. For example, in February, the FBI inspector general found that agents in dozens of cases “misused” their authority to obtain national security letters affecting thousands of individuals and/or failed to have a system in place that provided for any accounting of how many such letters were used.

In January, Congress launched an inquiry into the National Security Agency’s electronic eavesdropping program, which was authorized by President Bush shortly after 9/11, allowing the NSA to listen in on some Americans’ phone conversations without a court warrant. The program was based implicitly on the President’s power under the Authorization for Use of Military Force issued by Congress. At the same time, with the 110th Congress in place, the attorney general advised that results of the program would be reported to Congress.

David Nelson’s frustrations were rooted in another measure instituted by the White House, the Terrorist Screening Center (TSC). An interagency effort led by the Homeland Security and State departments and the FBI, the TSC is a means to consolidate and analyze information gathered by the respective agencies and thus more efficiently identify and monitor threats. The government reports that the TSC has trimmed thousands of false positives from the “no-fly” list it maintains, which should reduce the chances that law-abiding travelers are misidentified. The center also recently unveiled a redress mechanism for travelers who believe they may have been unfairly included on such lists.


The Future of Privacy
So, with some hard lessons learned and a still-developing understanding of the line between security and privacy, what can we expect in the world of privacy in the next few years?

Support Across the Political Spectrum
Politically, privacy is one of the few issues that draws allies from all sides of the political spectrum. Conservatives and Libertarians see it through the lens of too much government interference in the life of the individual. Liberals see privacy as part of a robust civil rights framework. Former conservative Republican Congressman Robert Barr formed Patriots to Restore Checks and Balances, a group to follow privacy issues under the USA PATRIOT Act and the NSA program on telephone monitoring. Likewise, the libertarian CATO Institute advocates strong privacy protections. The ACLU, often identified as a liberal organization, and Democratic congressmen have fought for privacy as part of a strong civil rights issue.

Because of its bipartisan appeal, legislation safe-guarding privacy could receive powerful political backing. There have already been a slew of privacy-related bills, including legislation to make it illegal to sell or buy Social Security numbers and impose restrictions on pretexting—that is, engaging in misleading actions to obtain sensitive personal data.

Perhaps the biggest debate to come will be over the possibility of a national data protection law that would provide an independent data protection czar to oversee all commercial use of personal data, similar to the European Union framework. Several large information technology companies, including Microsoft, have come out in favor of such a new law.

Privacy will also become an issue in the 2008 Presidential campaign. Senator Hillary Rodham Clinton was the first Democratic candidate to propose a “privacy bill of rights” and a federal privacy czar. Expect other candidates to make privacy a similarly high-profile issue.

Blurred Boundaries: government and business
The boundaries between whether business or government have control of your personal information will continue to blur. Businesses have come under pressure to share your personal information with the government—with or without a court order. Last year, the Department of Justice asked a federal judge to order Google to turn over one million random Web addresses and records of all Google searches from any one-week period. Google objected and was able to negotiate a much smaller sample of 50,000 records.  

The Globalization of Information
Your personal information will increasingly travel the globe. As data flows grow and are increasingly relied upon for international security, variance among countries’ privacy frameworks has become a serious obstacle for law enforcement. Privacy leaders in government consider whether a global privacy framework may be the ultimate result of efforts to address conflicting national requirements. Last November, during the 28th International Conference of Data Protection and Privacy Commissioners in London, members of the conference renewed their call for an international data protection convention and called upon the United Nations to begin work on an international privacy convention. While the timing on a U.N. convention remains uncertain, it is more than likely that many governments—especially European governments who view themselves as providing stricter data protectors—will continue to call for some sort of an international privacy standard.

A Better Balance
The question remains: Can we have both privacy and security? The answer depends in part on the two groups working more closely together. This means changing the paradigm from “balancing” one verses the other to an integrated model.

One hope is that the use of technology may enable integration—privacy will be built in at the start of any new information collection system. IBM engineer Jeff Jonas predicts that a technology such as “anonymization” will allow the government to protect our identities while also protecting our safety. Anonymization is software that allows organizations to analyze and compare personal information that has been protected in such a way that it can still be understood by computers but not understood by humans. While it is unclear how far off widespread use of this technology may be, some anonymization software is already available to consumers in a limited form through Internet programs such as Anonymizer or Kaxy.

But as much as technology may help, it will not be the silver bullet. Ultimately, our laws may not keep up with the pace of privacy-invasive technologies. The issue will require the public to be well-informed about technology and how best to protect themselves. For the time being, however, we are in a vulnerable phase. In the end, the loss of privacy is not a sudden thing. As the great English statesman Edmund Burke concluded, the true danger is when liberty is nibbled away, for expedience, and by parts.

Published August 2007