Tag: privacy

“Privacy” v. Justice: Wiretapping Case Update

Anthony Graber, the Maryland motorcyclist being prosecuted on state felony wiretapping charges for recording his traffic stop and posting the video on YouTube, is the subject of an article in today’s Washington Post. I have said (again and again) that this is a misreading of the Maryland wiretapping statute, which is not supposed provide grounds for prosecution where there is no “reasonable expectation of privacy.”

Graber was on the side of the highway, and the police officer asserting this expansive reading of the wiretap statute while making an arrest at the Preakness was in the middle of a large crowd. There is no reasonable expectation of privacy in either of those places. The Post article provides the other side of the argument:

The attention the Graber case is receiving has surprised Harford prosecutor Joseph I. Cassilly, who said his office has prosecuted similar cases before, including one within the past year against the passenger of a car that was stopped during a drug investigation who started taping officers with a cellphone camera. Cassilly said he didn’t know the status of the case because the prosecutor handling it has been out sick.

“The question is: Is a police officer permitted to have a private conversation as part of their duty in responding to calls, or is everything a police officer does subject to being audio recorded?” Cassilly said.

Cassilly thinks officers should be able to consider their on-duty conversations to be private.

I disagree. The injustice of the Maryland wiretap law was demonstrated earlier this week when Rep. Bob Etheridge assaulted a student who asked him a question while recording the encounter. The students were lucky that they were in the District of Columbia.

If the scuffle had been in Maryland, Etheridge could have been prosecuted for misdemeanor assault (this remains true for D.C., but I am not aware of any charges that have been made). In contrast, the students would have been on the hook for a felony violation of the wiretap law for recording the event, another violation for posting the event on the internet, and an additional charge for possession of the device used to intercept the conversation. I’m not agreeing with that reading of the law, but that’s the interpretation being used to prosecute Anthony Graber.

Whatever your views on privacy are, that’s not justice.

Event Data Recorders: They’re Not Just for Safety

In my recent testimony before the House Commerce Committee on a proposal to require event data recorders in all new cars sold in the United States, I pointed out that the mandate would go far beyond what is needed to ensure safety. Indeed, the cost of EDRs raises the prices of new cars, marginally reducing the pool of used cars and keeping lower income drivers in older used cars which are less safe.

The demand for EDRs in all cars, collecting and transmitting data about all crashes, suggests that something more than statistically relevant safety data is what advocates of this mandate want. I put a finer point on these issues today in answers to questions propounded to me after the hearing.

The proposed EDR mandate includes controls on the use of EDR information, a nominal protection for privacy, but the EDR mandate “sets the stage for migration away from consumer privacy toward serving the goals of government and industry related not only to safety but also to general law enforcement, taxation, and surveillance.”

Privacy as the Default Setting

Before I can write a blog post, I must lift my hands to type.

I say so because the default setting in life is privacy. Staying in bed maintains privacy pretty well.

Clay Shirky gives privacy a contrary treatment on the New York TimesRoom for Debate blog. We are both discussants there of the question whether the government should intervene to solve privacy issues with Facebook.

Shirky, a teacher in the Interactive Telecommunications Program at N.Y.U., writes:

There are two principal effects of the Internet on privacy. The first is to shrink personal expression to a dichotomy: public or private. Prior to the rise of digital social life, much of what we said and did was in a public environment — on the street, in a park, at a party — but was not actually public, in the sense of being widely broadcast or persistently available.

This enormous swath of personal life, as we used to call it, existed on a spectrum between public and private, and the sheer inconvenience of collecting and collating theoretically observable but practically unobserved actions was enough to keep those actions out of the public sphere.

That spectrum has now collapsed — data is either public or private, and the idea of personal utterances being observable but unobserved is becoming as quaint as an ice cream social.

“[I]t is keeping things private that requires effort,” he writes.

I think Shirky has inadvertently overstated the effects of the Internet on privacy. The dynamics he describes are definitely in play, but they exist almost exclusively in digital social life. For the rest of life, it’s still the other way around. Privacy is easy. You can just stay in bed. Pursuing publicity takes effort.

When you go out into the world, making effort to give publicity to yourself in pursuit of your wants and needs, you must trade some personal information for interaction, yes. That’s physics: photons and sound waves doing what they do. Nobody considers this a privacy problem because of our long experience with it and acculturation to it.

The online environment has similar information demands—when you go online, giving publicity to yourself in pursuit of your wants and needs, you must trade some personal information for interaction—but it has different properties: information is easier to record. Again, though, the rise of the Internet didn’t change privacy on the street, in parks, and at parties, except in the still rare instance when someone is recording and uploading information.

If we were to conduct all of life online, maybe it would be fair to say that protecting privacy takes effort. But even as a digital denizen, the majority of my experience—certainly the most important and valuable of it—is offline, face-to-face interactions with friends and loved ones or time alone.

Here, privacy is the default. Nobody knows my thoughts unless I tell them. Almost never is anyone capturing the conversation in a digital format. Rarely is anyone uploading images. Facebook isn’t hoovering up the information. Doing these things would take effort that nobody is expending.

The Internet didn’t foreclose the use of real space for the conduct of life as Shirky implies by talking about offline living in the past tense. It expanded our freedom by giving us another space—a new option to use as we see fit. Declining to use that space is as normal, natural, and necessary as eating breakfast (which is impossible to do online, by the way). Maybe some of the digerati conduct their love-lives online, but this should be a disqualification for discussing the social impact of the medium for failure to understand how it fits into most people’s lives.

Privacy debates premised on the omnipresence of digital media are interesting and fun, but I don’t think they’re grounded in people’s actual experience of the world (exception!), and they tend to overstate the significance of online privacy problems.

The Most Powerful Privacy Setting

Amid the hullaballoo about Facebook and privacy, it’s easy to forget the most powerful privacy setting.

In my 2004 Policy Analysis, “Understanding Privacy—and the Real Threats to It,” I wrote about the “privacy-protecting decisions that millions of consumers make in billions of daily actions, inactions, transactions, and refusals.”

Inactions and refusals. Declining to engage in activities that emit personal information protects privacy. Not broadcasting oneself on Facebook protects privacy. Not going online protects privacy.

The horror, some may think, of not having access to the wonders of the online world. Actually, many people live full and complete lives without it, enjoying the perfect online privacy default. The irony is a little too rich when avid users of Facebook—which is little more than a publicity tool—complain about its privacy problems.

Facebook does have some work to do on rationalizing and communicating the privacy protections its offers its publicity-seeking users. But people will always have the privacy protecting option of not using Facebook.

Not so for government-sponsored incursions on privacy, like the national ID system proposed by Senator Chuck Schumer (D-NY). Inaction and refusal of his national ID system would not be a practical option if Senator Schumer has his way. The irony isn’t just rich, it’s curdled and reeking when Senator Schumer leads the attack on Facebook for its privacy practices.

Not Enough Power … Additional Measures Needed

The Wall Street Journal reports that the federal government has insufficient power:

The attempted Times Square bombing has underscored the challenge of managing security threats from citizens with clean records, but U.S. authorities are limited in the tools they can employ to legally monitor travel and other behavior of Americans who haven’t otherwise aroused suspicion.

That’s rich.

The City That Never Blinks?

A few points about closed circuit surveillance cameras, since their relative uselessness in the camera-festooned Times Square doesn’t seem to have stemmed the call for yet more cameras as an anti-terror measure.

First, I think it’s helpful to be clear just what we’re talking about when we say “urban surveillance cameras.” Lots of private businesses and apartment buildings have their own cameras trained at least in part on public spaces.  And at this point, most of us are carrying around miniature cameras in our pockets 24/7 as well. I’ve read reports suggesting that the most promising video police obtained  of the suspected bomber came not from the many CCTV cameras the city has in place there, but from a tourist who’d been taping in Times Square. These provide many of the same advantages as official surveillance networks—after a crime occurs, police can obtain and collate footage from the scene from the various owners—without creating a centrally controlled surveillance architecture. For the remainder of the post, I’ll assume “cameras” means just such a citywide network of government controlled cameras, of the sort famously deployed in the U.K. and planned for New York—but it’s worth noting that a city without these kinds of cameras is not necessarily a city without video evidence of crimes.

Second, while there will of course be the odd case one can find where cameras were instrumental in solving a crime, the research that’s been done on public CCTV networks shows tha they’re of stunningly little evidentiary or deterrent value. There are a few specific types of locations where the presence of cameras does seem to reduce, crime, or at least push it elsewhere. They seem to be fairly effective in parking lots. But on the whole, at the city level, they just don’t work very well. In Britain, famously festooned with CCTV cameras, they’re only rarely useful in apprehending street criminals, and the boroughs with more cameras don’t seem to be any better at catching crooks than those with few.  Anecdotal evidence can be beguiling here, because once you’ve created such a system of course the history of a few memorable apprehensions will involve the use of that system.  If we gave cops lassos instead of guns and tasers, they’d end up lassoing a few crooks sooner or later too, but that hardly goes to show lassos are the right tool for the job.

Third, if citywide surveillance cameras are merely ineffective as a response to street crime, they’re ludicrous as a response to the threat of terror. The point is, I think, well illustrated by New York Mayor Michael Bloomberg’s invocation of the 7/7 bombings in London as an argument for installing an elaborate network of CCTV cams in New York: “You don’t want to wait until 52 people are killed here and then say, ‘Oh, now it’s time to do it.’ The trick is to learn by experiences, but it’s other people’s experience you’d like to learn by.” What Bloomberg did not learn from the British experience, alas, is that 52 people were still killed. The billions spent on CCTV did nothing to deter the bombers, nor to disrupt their plan in action.  The Times Square bomber, far from being deterred, chose one of the most recorded locations in the city as his target—and ultimately failed because of his own incompetence, not because of any of the dozens of cameras trained on the Square.

This kind of scenario, incidentally, presents the strongest case for surveillance cameras: A failed attack where you actually have a perpetrator to try and track down after the fact.  London’s cameras did indeed help out on that score after the second, failed attempt at a bomb attack on the transit system: Since they had intended to die with their victims, the terrorists hadn’t bothered with countermeasures like disguises, something that might conceivably occur to a non-suicidal terrorist plotter in the future.  Of course, those failed attackers were also seen by dozens of their intended victims, so there’s little reason to think it would have been impossible to track them down but for the cameras. 

Stipulating that the cameras did add some value in that rather unusual case, though, we need to step back and ask:  Is this really the best security use we can make of a few hundred million dollars per year? An elaborate camera network that doesn’t reduce crime, but might be of marginal benefit in tracking down perps after failed terror attacks by inept bombers?  If we’ve gotten this disconnected from any rational cost/benefit analysis once the word “terrorism” is uttered, let’s just start building enormous mousetraps made of gold and bait them with South Park DVDs; maybe we’ll catch a few jihadis that way.

Finally, there’s the question of privacy, which I leave for last because I don’t actually think you can reject citywide camera networks on security grounds alone. Still, it’s worth pushing back on the notion that there are no privacy concerns worth speaking of because, after all, the cameras are only trained on “public” places.  Lying in the background of that argument is a rather crabbed notion of privacy that Daniel Solove has called the
“secrecy paradigm,” and it assumes that privacy just means limiting the exposure of information that had otherwise been completely secret. But in practice, much of our privacy is not a function of the secrecy of information, but of its searchability and aggregability. There is a world of difference between knowing that any of your public behavior can be observed by others, and knowing that all of it is—that, indeed, a complete record of your public movements and actions can be automatically reconstructed from a central digital archive. Most of us probably don’t mind shopping at “public” pharmacies full of indifferent strangers, but most of us would also be upset if a permanent record of our purchases were posted on the Internet with our names attached. And there’s a difference, again, between merely being recorded and knowing that an automated behavioral analysis algorithm is apt to send up a red flag if any of your actions trigger a program’s definition of “suspicious behavior.”

To the extent that popular privacy discourse is saturated in the secrecy paradigm, it might be better to do away with “privacy” talk altogether, because the exercise of categorizing various kinds of information in a binary public/private schema may help while away the hours on a rainy Sunday, but it’s not ultimately that interesting.  The question we ought to be asking is whether and to what extent monitoring technologies facilitate social control. Sometimes that will be a price worth paying for security, but here, the case is quite weak.