Researching government invasions of privacy all day, I come across my fair share of incredibly creepy stories, but this one may just take the cake. A lawsuit alleges that the Lower Merion School District in suburban Pennsylvania used laptops issued to each student to spy on the kids at home by remotely and surreptitiously activating the webcam built into the bezel of each one. The horrified parents of one student apparently learned about this capability when their son was called in to the assistant principal’s office and accused of “inappropriate behavior while at home.” The evidence? A still photograph taken by the laptop camera in the student’s home.
I’ll admit, at first I was somewhat skeptical—if only because this kind of spying is in such flagrant violation of so many statutes that I thought surely one of the dozens of people involved in setting it up would have piped up and said: “You know, we could all go to jail for this.” But then one of the commenters over at Boing Boing reminded me that I’d seen something like this before, in a clip from Frontline documentary about the use of technology in one Bronx school. Scroll ahead to 4:37 and you’ll see a school administrator explain how he can monitor what the kids are up to on their laptops in class. When he sees students using the built-in Photo Booth software to check their hair instead of paying attention, he remotely triggers it to snap a picture, then laughs as the kids realize they’re under observation and scurry back to approved activities.
I’ll admit, when I first saw that documentary—it aired this past summer—that scene didn’t especially jump out at me. The kids were, after all, in class, where we expect them to be under the teacher’s watchful eye most of the time anyway. The now obvious question, of course, is: What prevents someone from activating precisely the same monitoring software when the kids take the laptops home, provided they’re still connected to the Internet? Still more chilling: What use is being made of these capabilities by administrators who know better than to disclose their extracurricular surveillance to the students? Are we confident that none of these schools employ anyone who might succumb to the temptation to check in on teenagers getting out of the shower in the morning? How would we ever know?
I dwell on this because it’s a powerful illustration of a more general point that can’t be made often enough about surveillance: Architecture is everything. The monitoring software on these laptops was installed with an arguably legitimate educational purpose, but once the architecture of surveillance is in place, abuse becomes practically inevitable. Imagine that, instead of being allowed to install a bug in someone’s home after obtaining a warrant, the government placed bugs in all homes—promising to activate them only pursuant to a judicial order. Even if we assume the promise were always kept and the system were unhackable—both wildly implausible suppositions—the amount of surveillance would surely spike, because the ease of resorting to it would be much greater even if the formal legal prerequisites remained the same. And, of course, the existence of the mics would have a psychological effect of making surveillance seem like a default.
You can see this effect in law enforcement demands for data retention laws, which would require Internet Service Providers to keep at least customer transactional logs for a period of years. In face-to-face interactions, of course, our default assumption is that no record at all exists of the great majority of our conversations. Law enforcement accepts this as a fact of nature. But with digital communication, the default is that just about every activity creates a record of some sort, and so police come to see it as outrageous that a potentially useful piece of evidence might be deleted.
Unfortunately, we tend to discuss surveillance in myopically narrow terms. Should the government be able to listen in on the phone conversations of known terrorists? To pose the question is to answer it. What kind of technological architecture is required to reliably sweep up all the communications an intelligence agency might want—for perfectly legitimate reasons—and what kind of institutional incentives and inertia does that architecture create? A far more complicated question—and one likely to seem too abstract to bother about for legislators focused on the threat of the week.