Tag: privacy

The Most Powerful Privacy Setting

Amid the hullaballoo about Facebook and privacy, it’s easy to forget the most powerful privacy setting.

In my 2004 Policy Analysis, “Understanding Privacy—and the Real Threats to It,” I wrote about the “privacy-protecting decisions that millions of consumers make in billions of daily actions, inactions, transactions, and refusals.”

Inactions and refusals. Declining to engage in activities that emit personal information protects privacy. Not broadcasting oneself on Facebook protects privacy. Not going online protects privacy.

The horror, some may think, of not having access to the wonders of the online world. Actually, many people live full and complete lives without it, enjoying the perfect online privacy default. The irony is a little too rich when avid users of Facebook—which is little more than a publicity tool—complain about its privacy problems.

Facebook does have some work to do on rationalizing and communicating the privacy protections its offers its publicity-seeking users. But people will always have the privacy protecting option of not using Facebook.

Not so for government-sponsored incursions on privacy, like the national ID system proposed by Senator Chuck Schumer (D-NY). Inaction and refusal of his national ID system would not be a practical option if Senator Schumer has his way. The irony isn’t just rich, it’s curdled and reeking when Senator Schumer leads the attack on Facebook for its privacy practices.

Not Enough Power … Additional Measures Needed

The Wall Street Journal reports that the federal government has insufficient power:

The attempted Times Square bombing has underscored the challenge of managing security threats from citizens with clean records, but U.S. authorities are limited in the tools they can employ to legally monitor travel and other behavior of Americans who haven’t otherwise aroused suspicion.

That’s rich.

The City That Never Blinks?

A few points about closed circuit surveillance cameras, since their relative uselessness in the camera-festooned Times Square doesn’t seem to have stemmed the call for yet more cameras as an anti-terror measure.

First, I think it’s helpful to be clear just what we’re talking about when we say “urban surveillance cameras.” Lots of private businesses and apartment buildings have their own cameras trained at least in part on public spaces.  And at this point, most of us are carrying around miniature cameras in our pockets 24/7 as well. I’ve read reports suggesting that the most promising video police obtained  of the suspected bomber came not from the many CCTV cameras the city has in place there, but from a tourist who’d been taping in Times Square. These provide many of the same advantages as official surveillance networks—after a crime occurs, police can obtain and collate footage from the scene from the various owners—without creating a centrally controlled surveillance architecture. For the remainder of the post, I’ll assume “cameras” means just such a citywide network of government controlled cameras, of the sort famously deployed in the U.K. and planned for New York—but it’s worth noting that a city without these kinds of cameras is not necessarily a city without video evidence of crimes.

Second, while there will of course be the odd case one can find where cameras were instrumental in solving a crime, the research that’s been done on public CCTV networks shows tha they’re of stunningly little evidentiary or deterrent value. There are a few specific types of locations where the presence of cameras does seem to reduce, crime, or at least push it elsewhere. They seem to be fairly effective in parking lots. But on the whole, at the city level, they just don’t work very well. In Britain, famously festooned with CCTV cameras, they’re only rarely useful in apprehending street criminals, and the boroughs with more cameras don’t seem to be any better at catching crooks than those with few.  Anecdotal evidence can be beguiling here, because once you’ve created such a system of course the history of a few memorable apprehensions will involve the use of that system.  If we gave cops lassos instead of guns and tasers, they’d end up lassoing a few crooks sooner or later too, but that hardly goes to show lassos are the right tool for the job.

Third, if citywide surveillance cameras are merely ineffective as a response to street crime, they’re ludicrous as a response to the threat of terror. The point is, I think, well illustrated by New York Mayor Michael Bloomberg’s invocation of the 7/7 bombings in London as an argument for installing an elaborate network of CCTV cams in New York: “You don’t want to wait until 52 people are killed here and then say, ‘Oh, now it’s time to do it.’ The trick is to learn by experiences, but it’s other people’s experience you’d like to learn by.” What Bloomberg did not learn from the British experience, alas, is that 52 people were still killed. The billions spent on CCTV did nothing to deter the bombers, nor to disrupt their plan in action.  The Times Square bomber, far from being deterred, chose one of the most recorded locations in the city as his target—and ultimately failed because of his own incompetence, not because of any of the dozens of cameras trained on the Square.

This kind of scenario, incidentally, presents the strongest case for surveillance cameras: A failed attack where you actually have a perpetrator to try and track down after the fact.  London’s cameras did indeed help out on that score after the second, failed attempt at a bomb attack on the transit system: Since they had intended to die with their victims, the terrorists hadn’t bothered with countermeasures like disguises, something that might conceivably occur to a non-suicidal terrorist plotter in the future.  Of course, those failed attackers were also seen by dozens of their intended victims, so there’s little reason to think it would have been impossible to track them down but for the cameras. 

Stipulating that the cameras did add some value in that rather unusual case, though, we need to step back and ask:  Is this really the best security use we can make of a few hundred million dollars per year? An elaborate camera network that doesn’t reduce crime, but might be of marginal benefit in tracking down perps after failed terror attacks by inept bombers?  If we’ve gotten this disconnected from any rational cost/benefit analysis once the word “terrorism” is uttered, let’s just start building enormous mousetraps made of gold and bait them with South Park DVDs; maybe we’ll catch a few jihadis that way.

Finally, there’s the question of privacy, which I leave for last because I don’t actually think you can reject citywide camera networks on security grounds alone. Still, it’s worth pushing back on the notion that there are no privacy concerns worth speaking of because, after all, the cameras are only trained on “public” places.  Lying in the background of that argument is a rather crabbed notion of privacy that Daniel Solove has called the
“secrecy paradigm,” and it assumes that privacy just means limiting the exposure of information that had otherwise been completely secret. But in practice, much of our privacy is not a function of the secrecy of information, but of its searchability and aggregability. There is a world of difference between knowing that any of your public behavior can be observed by others, and knowing that all of it is—that, indeed, a complete record of your public movements and actions can be automatically reconstructed from a central digital archive. Most of us probably don’t mind shopping at “public” pharmacies full of indifferent strangers, but most of us would also be upset if a permanent record of our purchases were posted on the Internet with our names attached. And there’s a difference, again, between merely being recorded and knowing that an automated behavioral analysis algorithm is apt to send up a red flag if any of your actions trigger a program’s definition of “suspicious behavior.”

To the extent that popular privacy discourse is saturated in the secrecy paradigm, it might be better to do away with “privacy” talk altogether, because the exercise of categorizing various kinds of information in a binary public/private schema may help while away the hours on a rainy Sunday, but it’s not ultimately that interesting.  The question we ought to be asking is whether and to what extent monitoring technologies facilitate social control. Sometimes that will be a price worth paying for security, but here, the case is quite weak.

Your Year in Wiretaps

The 2009 Wiretap Report has just been released by the Administrative Office of the U.S. Courts. The headline findings: 2,376 wiretaps were authorized for criminal investigations last year, of which 663 were federal and 1,713 were issued at the state level. (NB: These numbers don’t include Foreign Intelligence Surveillance Act wiretaps, “pen register” requests for communications metadata, or orders to acquire stored e-mails sitting on a server.)  The vast majority of wiretaps—86 percent—were part of the drug war, with the average wiretap bill running about $52,200.

In line with recent years, only about 19 percent of intercepted communications contained anything incriminating. As you can see by eyeballing the chart, the 2009 numbers reflect a sharp 70 percent increase in federal taps over the previous year, but only because 2008 was a decade low-point. Though the number is still relatively high, criminal federal wiretap warrants were long ago eclipsed by broader and more secretive intelligence wiretaps under FISA—of which there were 2,082 in 2008.

Since drug dealers seldom have fixed offices, it probably won’t come as any surprise that 96 percent of the orders targeted mobile devices. Since a full wiretap order also permits the acquisition of the highly detailed GPS information phones can provide, it would be nice to know how many of these orders involve the use of a cell phone as a mobile tracking device.  There’s a campaign underway to update our grossly outdated surveillance laws, and better reporting on this relatively novel form of surveillance should be part of a larger geotracking reform providing a single process and a single clear standard for seeking such information, rather than the patchwork of warrants and other sorts of court orders currently employed.

As another data point for the need to reform federal surveillance law, only four of last year’s orders involved any kind of “electronic communication,” as opposed to traditional voice communications.  Does that mean law enforcement agencies are just ignoring the Internet?  Of course not. But current law, perversely, establishes a much higher standard for the interception of “live” communications in transit over the network than for e-mails that have landed on a user’s server. As soon as you open that e-mail, the level of protection it’s afforded by statute is radically diminished, and the constitutional protections given to stored emails are still embarrassingly unclear, at least as far as the courts are concerned.

The irony here is that the outdated federal surveillance laws actually leave us hard pressed to accurately gauge how badly they’re outdated. The primary problem is that the crazy-quilt of statutes and standards doesn’t map the way people actually communicate today, or line up with their real-world expectations of privacy in those communications. But the secondary problem is that the reporting requirements don’t line up either.  I’m probably a little abnormal here, but I communicate via e-mail, Twitter, or IM vastly more than I talk on the telephone. I send dozens of e-mails on an average day (many from a GPS-enabled phone), but I doubt I average more than one actual voice phone call per week. There are, of course, many reasons to expect criminals to prefer the ephemeral nature of voice communication, but the disconnect still ought to be worrying.  The numbers in the Wiretap Report make us feel as though we have a handle on the scope of government surveillance, when in fact we probably don’t have a very clear picture at all.

Planned Economy, Privacy Problems

If someone asked you what’s wrong with a planned economy, your first answer might not be “privacy.” But it should be. For proof, look no further than the financial regulation bill the Senate is debating. Its 1,400 pages contain strong prescriptions for a government-micromanaged economy—and the undoing of your financial privacy. Here’s a look at some of the personal data collection this revamp of financial services regulation will produce.

The “Office of Financial Research” (sec. 152) will have a “Data Center” (sec. 154) that requires submisson of data on any financial activity that poses a threat to financial stability.

Use your noggin, now: Will government researchers know in advance what might cause financial instability? Will they home in on precisely that? No.

This is government entrée into any financial activities federal bureaucrats suspect might cause instability. It’s carte blanche to examine all financial transactions—including yours. (Confidentiality rules? The better view is that privacy is lost when the government takes data from your control, but we’ll come back to confidentiality.)

The Office of Financial Research is also a sop to industry. Morgan Stanley estimates that it will save the company 20 to 30 percent of its operating costs. The advocates for this bureaucracy want to replace the competitive environment for financial data with a uniform government data platform. Students of technology will instantly recognize what this data monoculture means: If the government’s data and assumptions are bad, everyone’s data and assumptions are bad, and all players in the financial services system fall together. The Office of Financial Research itself poses a threat to financial stability.

But all that’s about money. On with privacy…

The “Bureau of Consumer Financial Protection” (sec. 1011) in the bill is another beetle boring into your personal financial life. Among its mandates is to “gather information … regarding the organization, business conduct, markets, and activities of persons operating in consumer financial services markets” (sec. 1022(c)(4)).

In case you’re wondering, the definition of “person” includes “an individual” (sec. 1002(17)). The Bureau of Consumer Financial Protection can investigate your business conduct and activities.

Come now. All this private data gathering can’t possibly be what they mean to do, can it?

Section 1071(b) requires any deposit-taking financial institution to geo-code customer addresses and maintain records of deposits for at least three years. Think of the government having its own Google map of where you and your neighbors do your banking. The Bureau may “use the data for any other purpose as permitted by law,” such as handing it off to other bureaus, like the Federal Bureau of Investigation.

Still, that’s really not what the Bureau of Consumer Financial Protection is supposed to be about, is it? It can’t be!

It’s not. Nor was the Social Security number about creating a uniform national identifier that facilitates both lawful (excessive) data collection and identity fraud. The construction of surveillance infrastructure doesn’t turn on the intentions of its builders. They’re just giving another turn to the wheels that crush privacy.

Promises of confidentiality and “de-identified” data are not reassuring. It’s getting harder and harder to collect data that are not personally identifiable. Latanya Sweeney’s 2002 “k-anonymity” paper is best known for establishing how anonymous data can be “re-identified,” unraveling promised confidentiality and privacy.

Just a few “anonymous” data points can pick out individuals. Data-driven triangulation on individuals will get easier as data collection grows society-wide. Confidentiality rules in the bill will tend to fail over time, if they’re not simply reversed when some future exigency demands it. If we’re to maintain privacy, government data collection should be shrinking, not growing.

How do you manage an economy from the top? You collect data. Thanks to computing and communications, there are lots of data available nowadays. Maybe the failed Progressive-Era dream of “scientific government” has been revitalized by the idea that data can shore up regulation’s natural defects.

My colleague Mark Calabria has investigated and drawn into question whether it was a lack of consumer protection that caused the financial crisis. But Washington, D.C. has determined that Washington, D.C. should manage the financial services industry. Your personal and private financial affairs will be managed there too.