Tag: privacy

On Fourth Amendment Privacy: Everybody’s Wrong

Everybody’s wrong. That’s sort of the message I was putting out when I wrote my 2008 American University Law Review article entitled “Reforming Fourth Amendment Privacy Doctrine.”

A lot of people have poured a lot of effort into the “reasonable expectation of privacy” formulation Justice Harlan wrote about in his concurrence to the 1967 decision in U.S. v. Katz. But the Fourth Amendment isn’t about people’s expectations or the reasonableness of their expectations. It’s about whether, as a factual matter, they have concealed information from others—and whether the government is being reasonable in trying to discover that information.

The upshot of the “reasonable expectation of privacy” formulation is that the government can argue—straight-faced—that Americans don’t have a Fourth Amendment interest in their locations throughout the day and night because data revealing it is produced by their mobile phones’ interactions with telecommunications providers, and the telecom companies have that data.

I sat down with podcaster extraordinaire Caleb Brown the other day to talk about all this. He titled our conversation provocatively: “Should the Government Own Your GPS Location?

Government-Mandated Spying on Bank Customers Undermines both Privacy and Law Enforcement

I recently publicized an interesting map showing that so-called tax havens are not hotbeds of dirty money. A more fundamental question is whether anti-money laundering laws are an effective way of fighting crime – particularly since they substantially undermine privacy.

In this new six-minute video, I ask whether it’s time to radically rethink a system that costs billions of dollars each year, forces banks to snoop on their customers, and misallocates law enforcement resources.

Big Teacher Is Watching

Researching government invasions of privacy all day, I come across my fair share of incredibly creepy stories, but this one may just take the cake.  A lawsuit alleges that the Lower Merion School District in suburban Pennsylvania used laptops issued to each student to spy on the kids at home by remotely and surreptitiously activating the webcam built into the bezel of each one. The horrified parents of one student apparently learned about this capability when their son was called in to the assistant principal’s office and accused of “inappropriate behavior while at home.” The evidence? A still photograph taken by the laptop camera in the student’s home.

I’ll admit, at first I was somewhat skeptical—if only because this kind of spying is in such flagrant violation of so many statutes that I thought surely one of the dozens of people involved in setting it up would have piped up and said: “You know, we could all go to jail for this.” But then one of the commenters over at Boing Boing reminded me that I’d seen something like this before, in a clip from Frontline documentary about the use of technology in one Bronx school.  Scroll ahead to 4:37 and you’ll see a school administrator explain how he can monitor what the kids are up to on their laptops in class. When he sees students using the built-in Photo Booth software to check their hair instead of paying attention, he remotely triggers it to snap a picture, then laughs as the kids realize they’re under observation and scurry back to approved activities.

I’ll admit, when I first saw that documentary—it aired this past summer—that scene didn’t especially jump out at me. The kids were, after all, in class, where we expect them to be under the teacher’s watchful eye most of the time anyway. The now obvious question, of course, is: What prevents someone from activating precisely the same monitoring software when the kids take the laptops home, provided they’re still connected to the Internet?  Still more chilling: What use is being made of these capabilities by administrators who know better than to disclose their extracurricular surveillance to the students?  Are we confident that none of these schools employ anyone who might succumb to the temptation to check in on teenagers getting out of the shower in the morning? How would we ever know?

I dwell on this because it’s a powerful illustration of a more general point that can’t be made often enough about surveillance: Architecture is everything. The monitoring software on these laptops was installed with an arguably legitimate educational purpose, but once the architecture of surveillance is in place, abuse becomes practically inevitable.  Imagine that, instead of being allowed to install a bug in someone’s home after obtaining a warrant, the government placed bugs in all homes—promising to activate them only pursuant to a judicial order.  Even if we assume the promise were always kept and the system were unhackable—both wildly implausible suppositions—the amount of surveillance would surely spike, because the ease of resorting to it would be much greater even if the formal legal prerequisites remained the same. And, of course, the existence of the mics would have a psychological effect of making surveillance seem like a default.

You can see this effect in law enforcement demands for data retention laws, which would require Internet Service Providers to keep at least customer transactional logs for a period of years. In face-to-face interactions, of course, our default assumption is that no record at all exists of the great majority of our conversations. Law enforcement accepts this as a fact of nature. But with digital communication, the default is that just about every activity creates a record of some sort, and so police come to see it as outrageous that a potentially useful piece of evidence might be deleted.

Unfortunately, we tend to discuss surveillance in myopically narrow terms.  Should the government be able to listen in on the phone conversations of known terrorists? To pose the question is to answer it. What kind of technological architecture is required to reliably sweep up all the communications an intelligence agency might want—for perfectly legitimate reasons—and what kind of institutional incentives and inertia does that architecture create? A far more complicated question—and one likely to seem too abstract to bother about for legislators focused on the threat of the week.

The Government Has Your Baby’s DNA

My 2004 Cato Policy Analysis, “Understanding Privacy – and the Real Threats to It,” talks about how government programs intended to do good have unintended privacy costs. “The helping hand of government routinely strips away privacy before it goes to work,” I wrote.

There could be no better illustration of that than the recent CNN report on government collection and warehousing of American babies’ DNA. “Scientists have said the collection of DNA samples is a ‘gold mine’ for doing research,” notes a sidebar to the story.

I have no doubt that it is—and that government-mandated harvesting of this highly valuable personal data from children is an unjust enrichment of the beneficiaries.

Switzerland’s Strong Human Rights Laws Should Be Emulated, not Persecuted

In a rational world, Switzerland would be a role model for other nations. It is quite prosperous thanks largely to a modest burden of government. There is remarkable ethnic and religoius diversity, but virtually no tension because power is decentralized (sort of what America’s Founders envisioned for the United States). Yet despite these – and many other – attractive features, Switzerland is being persecuted because of strong human rights laws that protect financial privacy. Money-hungry politicians from other nations resent Swtizerland’s attractive policies, and they would rather trample Swiss sovereignty rather than fix their own oppressive tax laws. An official from the Swiss Bankers Association provides some background in a New York Times column:

In Switzerland, this tradition of treating a client’s financial affairs in confidence became law in 1934 when it was codified in Article 47 of the country’s first-ever federal banking act as a contemporary reaction to the economic crisis, various domestic political considerations and well-publicized cases of espionage involving France and Germany. …Banking secrecy…reflects the very high degree of trust that exists between the Swiss state and its citizens and it has strong democratic foundations. …The Swiss are proud of their system and they reward it with a high level of taxpayer honesty. It works because the Swiss vote their own taxes, they have a high degree of control over the way tax revenues are spent and over all they believe their tax system to be reasonable, comprehensible, transparent and fair. …Doesn’t Switzerland hear the snapping jaws and cracking whips of foreign finance ministers, tax collectors, O.E.C.D. bureaucrats, cash-dispensing government agents and other denizens of the encroaching real world as they circle round Mother Helvetia intent on biting huge chunks out of her banking secrecy, if not swallowing it whole? …In March last year the Swiss announced they would give up the evasion-fraud distinction for foreign bank clients and adopt the O.E.C.D. standards on information exchange in tax matters. …However, requests for assistance must be made with regard to a specific individual, and “fishing expeditions” — any indiscriminate trawling through bank accounts in the hope of finding something interesting — remain ruled out. …Switzerland demonstrates to the world that it is possible for a state to collect taxes with a high degree of taxpayer honesty and without the authorities being corroded with suspicion about the financial activities of their citizens. Citizens in a democracy would never allow their police force to have an automatic right of forced entry into their homes just on the off-chance of finding some stolen goods, so why on earth should the state have an automatic right of forced entry into citizens’ banks accounts just on the off-chance of discovering some tax evasion? There must be a limit to the extent to which respect for an individual’s privacy is sacrificed on the altar of international cooperation in tax matters.

Sadly, the United States is part of the effort to create a global tax cartel. An “OPEC for politicians” would be terrible news for taxpayers, though, much as a cartel of gas stations would be bad for driviers. So-called tax havens play a valuable role in curtailing the greed of the political class. Ask yourself a simple question: Would politicians be more likely or less likely to raise tax rates if they knew taxpayers had no escape options?

Data Privacy Day’s Man About Town

Betcha didn’t know that January 28th is Data Privacy Day. That’s the day on which it’s customary to give gifts of cash and money to your favorite privacy advocate. No, not really. Though Hallmark hasn’t gotten a hold of it, it is a day on which some extra attention gets paid to privacy issues.

I’ll be speaking at two events coinciding with Data Privacy Day. On Wednesday, I’ll be speaking at the 2010 Internet Data Privacy Colloquium put on by a group called Dialogue on Diversity. Register here.

And on Thursday I’ll be speaking at an event put on by the Future of Privacy Forum called “Online Privacy: Your Reputation is ON the LINE.” (Get it? “ON the LINE”? Online? We’re talkin’ computers, folks.) You can register for it on the event’s page.

There you have it! Data Privacy Day! The one day this year, among many, that you should lavish your favorite privacy expert with gifts and praise. And gifts.

No Privacy Please, We’re Millennials

TrueSlant’s Kashmir Hill notes—and endorses—Facebook CEO Mark Zuckerberg’s conclusion that the kids today won’t stay off my lawn just don’t care much about privacy.

On the one hand, this shouldn’t be terribly surprising. Quite apart from the recent proliferation of social networking technology, generational researchers have long contrasted the heavily supervised and scheduled upbringings of (middle class) Millennials born in the ’80s and early ’90s with that of their “latch key” Gen X predecessors. And for anyone currently of college age, post-9/11 levels of security theater are viewed not as a novel expansion of official intrusion, but as the baseline, as normal. This can’t be a matter of total indifference to the fogeys among us, because shifting norms will affect both legislators’ willingness to ratchet up surveillance and, at least potentially, judicial assessments of which “expectations of privacy” society is prepared to recognize as “reasonable” for Fourth Amendment purposes.

Still, let me throw out some grounds for questioning this broad generational diagnosis. Privacy is not just a function of the raw quantity of information available about each of us, but of the control we exercise over that information. To be sure, it may seem that we have less of that as well when any scrap of data that appears on the Internet can so easily be copied and circulated. But for the generation that came of age online, those scraps of data are often part of a very conscious public performance of identity. Not necessarily a performance all of them will be eager to own ten years down the line, but a performance all the same.

In his excellent book The Digital Person, legal scholar Dan Solove contrasts two kinds of privacy dystopia: the Orwellian and the Kafkaesque. The focus in the Orwellian vision is on exposure: Big Brother’s spies and cameras are everywhere, and no detail of your personal life too minute to escape notice. But the plight of Kafka’s Josef K. is somewhat different: He finds himself at the mercy of an inscrutable bureaucracy, with no access to the details of his case file, and no way of tracing the provenance of the information it contains or correcting errors. We are more exposed, but we increasingly set the terms of our exposure.

It’s easy to look at all the information that comes up in a simple Google search for someone’s name and conclude that privacy is dead. But I think it’s at least as significant that the crucial first page of results is likely to consist of information that the individuals themselves have chosen to make public: Blogs, Facebook or MySpace profiles, Twitter accounts, Last.fm pages, YouTube channels. A similar inquiry a generation ago surely would have been much more laborious and less fruitful, but it also would have consisted to a far greater extent of what others had to say about the target: gossip first and foremost, but perhaps also press mentions, official records, and so on. It’s not that such information is now less accessible, but for the average person, it’s pushed to the margin by what we’ve chosen to disclose. That’s not an unmixed blessing—some may feel as though this merely traps them in a kind of openness arms race—but neither is it the privacy death-spiral a purely quantitative analysis might suggest.