Tag: privacy

Good Precedents against NSA Spying

With debate about NSA spying continuing in the Senate, it’s worth looking at some of the historical and modern precedents for protecting our communications and communications data. A few highlights:

  • The earliest precedent for protection of communications in the United States is the treatment of mail. The founders used postal mail to communicate their revolutionary ideas and even to plan their insurrection against the tyranny of King George, so they prioritized protecting the privacy of the mail. In the Act of Feb. 20, 1792, passed a few short years after ratification of the Constitution, the U.S. Congress enshrined protections for mail in the law, creating heavy fines for opening or delaying mail.
  • The Supreme Court confirmed the existence of constitutional protection for postal communications in Ex Parte Jackson. In that 1877 case, the Court described the Fourth Amendment’s guarantees in very interesting and clear language: “Letters and sealed packages … are as fully guarded from examination and inspection, except as to their outward form and weight, as if they were retained by the parties forwarding them in their own domiciles.” Though we place mail in the hands of government agents, the Fourth Amendment protects it like it’s inside our homes.
  • The year Ex Parte Jackson case was decided, both Western Union and the Bell Company began providing voice telephone service. The Supreme Court addressed constitutional protection for phone calls some decades later in 1928. The Olmstead case was wrongly decided, we now know. It found that telephone communications weren’t protected by the Constitution. So the dissents are where to look for precedential language. Justice Brandeis’s famous dissent spoke of the “right to be let alone,” but Justice Butler provided thinking and language that should have more lasting value: “The contracts between telephone companies and users contemplate the private use of the facilities employed in the service,” he wrote. “The communications belong to the parties between whom they pass.” The communications belong to the parties. That’s a fasacinating and important way to think about our communications, as property that we own.

In Holding NSA Spying Illegal, the Second Circuit Treats Data as Property

The U.S. Court of Appeals for the Second Circuit has ruled that section 215 of the USA-PATRIOT Act never authorized the National Security Agency’s collection of all Americans’ phone calling records. It’s pleasing to see the opinion parallel arguments that Randy Barnett and I put forward over the last couple of years.

Two points from different parts of the opinion can help structure our thinking about constitutional protection for communications data and other digital information. Data is property, which can be unconstitutionally seized.

As cases like this often do, the decision spends much time on niceties like standing to sue. In that discussion—finding that the ACLU indeed has legal standing to challenge government collection of its calling data—the court parried the government’s argument that the ACLU suffers no offense until its data is searched.

“The Fourth Amendment protects against unreasonable searches and seizures,” the court emphasized. Data is a thing that can be owned, and when the government takes someone’s data, it is seized.

In this situation, the data is owned jointly by telecommunications companies and their customers. The companies hold it subject to obligations they owe their customers limiting what they can do with it. Think of covenants that run with land. These covenants run with data for the benefit of the customer.

“Just Follow the Damn Constitution”

At a hearing this week on mobile device security, law enforcement representatives argued that technology companies should weaken encryption, such as by installing back doors, so that the government can have easier access to communications. They even chastised companies like Apple and Google for moving to provide consumers better privacy protections.

As an Ars Technica report put it, “lawmakers were not having it.” But a particular lawmaker’s response stands out. It’s the statement of Rep. Ted Lieu (D-CA), one of the few members of Congress with a computer science degree. He also “gets” the structure of power. Lieu articulated why the Fourth Amendment specifically disables government agents’ access to information, and how National Security Agency spying has undercut the interests of law enforcement with its overreaching domestic spying.

Give a listen to Lieu as he chastises the position taken by a district attorney from Suffolk County, MA:

The Fatal Conceit of the “Right to be Forgotten”

Intelligence Squared hosted a lively debate last week over the so-called “Right to be Forgotten” embraced by European courts—which, as tech executive Andrew McLaughlin aptly noted, would be more honestly described as a “right to force others to forget.”  A primary consequence of this “right” thus far has been that citizens are entitled to demand that search engines like Google censor the results that are returned for a search on the person’s name, provided those results are “inadequate, irrelevant, or no longer relevant.”  In other words, if you’re unhappy that an unflattering item—such as a news story—shows up as a prominent result for your name, you can declare it “irrelevant” even if entirely truthful and ask Google to stop showing it as a result for such searches, with ultimate recourse to the courts if the company refuses.  Within two months of the ruling establishing the “right,” the company received more than 70,000 such requests.

Hearteningly, the opponents of importing this “right” to the United States won the debate by a large margin, but it occurred to me that one absolutely essential reason for rejecting this kind of censorship process was only indirectly and obliquely invoked.  As even the defenders of the Right to be Forgotten conceded, it would be inappropriate to allow a person to suppress search results that were of some legitimate public value: Search engines are obligated to honor suppression requests only when linking some piece of truthful information to a person’s name would be embarrassing or harmful to that person without some compensating benefit to those who would recieve the information.  Frequent comparison was made to the familiar legal standards that have been applied to newspapers publishing (lawfully obtained) private information about non-public figures. In those cases, of course, the person seeking to suppress the information is typically opposed in court by the entity publishing the information—such as a newspaper—which is at least in a position to articulate why it believes there is some public interest in that information at the time of publication. 

Stingrays and Police Secrecy

The New York Times this week published a troubling article detailing the secrecy surrounding police use of Stingray cellular site simulators.  Essentially, these devices (which can be mounted on vehicles or carried by hand) mimic the signals of a cell phone tower in order to force cell phones in a given area to connect to the device.  Both data on the phone (including numbers, texts, emails, and any other data stored on the phone) and the phone’s physical location can then be accessed and recorded by police.

Additionally concerning is the extensive use of non-disclosure agreements by the Harris Corporation, which sells the devices, to prevent the public (and in some cases even judges, defense attorneys, and prosecutors) from finding out how these devices are being used or even whether a given department owns any.   The preference for secrecy is so powerful that prosecutors have dropped serious criminal charges simply to avoid having the police use of Stingrays subjected to examination by defense attorneys or judges.

According to the Times,

The confidentiality has elevated the stakes in a longstanding debate about the public disclosure of government practices versus law enforcement’s desire to keep its methods confidential. While companies routinely require nondisclosure agreements for technical products, legal experts say these agreements raise questions and are unusual given the privacy and even constitutional issues at stake.

The stated reason for the secrecy is the common refrain that terrorists will circumvent the technology if they know what law enforcement is up to.  However, a recent ACLU report was unable to uncover a single instance of these devices being used to bring domestic terrorists to justice in any jurisdiction surveyed. 

The ACLU report estimates that Stingrays are in wide and rapidly increasing use in law enforcement agencies across America.  However, there appears to be very little oversight structure for police departments, legislatures, or courts governing the use of these devices. In some instances, it seems that courts have even unwittingly been authorizing their use without the judge’s full understanding.  For instance, a sampling of applications for court orders from Florida law enforcement agencies informs the judge that the order is for cell phone records, but doesn’t mention anything about how they’re to be obtained.  Police claim such vague orders authorize Stingray deployment, but some judges have been less than enthused upon finding out.

Does the Government Require Your Hotel to Spy on You?

If you’re a privacy conscious traveler, you may have wondered from time to time why hotels ask for ID when you check in, or why they ask you to give them the make and model of your car and other information that isn’t essential to the transaction. What’s the ID-checking for? There’s never been a problem with fraudsters checking into hotels under others’ reservations, paying for the privilege to do so…

Well, in many jurisdictions around the country, that information-gathering is mandated by law. Local ordinances require hotels, motels, and other lodgers (such as AirBnB hosts), to collect this information and keep it on hand. These laws also require that the information be made available to the police on request, for any reason or no reason, without a warrant.

That’s the case in Los Angeles, which not only requires this data retention about hotel guests for law enforcement to access at will or whim. It also requires hoteliers to check a government-issued ID from guests that pay cash.

Open access to hotel records may have been innocuous enough in the early years of travel and lodging. Reading through hotel registers was a social sport among the wealthy, who could afford long-distance travel and lodging. Today, tourism is available to the masses, and hotel records enjoy tighter privacy protections. Most people would quit a hotel that left their information open to the public, and many would be surprised that hoteliers’ records are open to law enforcement collection and review without any legal process.

Big Brother Wants to Watch You Drive

In 2008, the Washington legislature passed a law mandating a 50 percent reduction in per capita driving by 2050. California and Oregon laws or regulations have similar but somewhat less draconian targets.

The Obama administration wants to mandate that all new cars come equipped with vehicle-to-infrastructure communications, so the car can send signals to and receive messages from street lights and other infrastructure.

Now the California Air Resources Board is considering regulations requiring that all cars monitor their owners’ driving habits, including but not limited to how many miles they drive, how much fuel they use, and how much pollution or greenhouse gases they emit.

Put these all together and you have a system in which the government will not only know where your vehicle is at all times, but can turn off your vehicle if it decides you are driving too much or driving in a way that emits too many grams of carbon dioxide or is otherwise offensive to some bureaucratic imperative.

I sometimes think privacy advocates are a paranoid bunch, seeing men in black around every corner and surveillance helicopters or drones in the air at all times. On the other hand, if a technology is available–such as the ability to record cell phone calls–the government has proven it will use it.

Consider all of the lovable progressives out there who think the government should “punish climate change liars,” meaning people who have differing opinions on scientific issues. It’s not much a stretch to think that, any time they happen to be in power, they will use the available technology to make people stop driving. After all, just how important can that extra trip to the supermarket be compared to the absolute imperative of preventing the seas from rising a quadrillionth of an inch?

Of course, the elected officials and bureaucrats who run this system will exempt themselves from the rules. After all, nothing is more important than their work of running the country and making sure people don’t abuse their freedom by engaging in too much mobility.

As California writer Steven Greenhut points out, we already have red-light cameras, and some “eastern states have suspended drivers from using toll lanes after their transponders showed them to be speeders.” They’re not invading our privacy, the greens will argue, they are just making sure that our actions aren’t harming Mother Earth.

Of course, for many it really isn’t about greenhouse gas emissions. Mobility allows (or, as anti-auto groups would say, forces) people to living in low-density “sprawl” where they can escape taxation by cities eager to subsidize stadiums, convention centers, and light-rail lines. All they have to do is ramp down people’s monthly driving rations–something like a cap-and-trade system that steadily reduces the caps–and suburbanites will eventually find that they have to move back to the cities.

No doubt some will argue that even those who drive the most fuel-efficient cars should be subject to the same driving limits because suburban homes waste energy too. Or that people will be safer from terrorists if they are all jammed together in cities close to emergency facilities than if they are spread across the countryside. Or that suburbanites are parasites on the cities and should be reassimilated back into the cities’ benign embrace and taxing districts.

Whatever the argument, the point is that if the technology is there, the government will use it. If people really want to buy cars that monitor their every move and are capable of communicating those moves to some central infrastructure, they should be allowed to do so. But allowing the government to mandate these things is simply asking to have well-meaning, and sometimes not-so-well-meaning, government bureaucrats control how we travel and where we live.