Recent Op-Eds on NSA Surveillance, ‘Database of Ruin,’ Access to Cellphone Data and Facial-Recognition Technology
Here are some recent op-eds concerning privacy and civil liberties. An editorial at the New York Times takes a look at a surveillance program by the NSA and questions whether the program has protections to avoid violating the civil liberties of American citizens. “Recently, the office of the director of national intelligence admitted that on at least one occasion, the procedures that shield citizens’ and legal residents’ private information from spying eyes had been deemed ‘unreasonable under the Fourth Amendment‘ by the Foreign Intelligence Surveillance Court, which oversees such monitoring,” the Times notes. At Harvard Business Review, University of Colorado law professor Paul Ohm discusses “the database of ruin,” a massive database filled with personal data — medical records, family history, more — that will include “at least one closely guarded secret” that would cause shame if revealed. Ohm talks about the consequences to individual privacy should such a database of ruin be created. In an opinion column for Wired, Rachel Levinson-Waldman, who is counsel for the Brennan Center for Justice’s Liberty and National Security Program, writes about the privacy concerns over law enforcement access to “envelope information” (some data about cellphone communications) in the context of donations by text to political campaigns. The UK’s Guardian has an opinion column on the increasing use of facial-recognition technology by law enforcement as well as companies such as Disney and Facebook.
“Who’s Watching the N.S.A. Watchers?” New York Times
IN March 2002, John M. Poindexter, a former national security adviser to President Ronald Reagan, sat down with Gen. Michael V. Hayden, the director of the National Security Agency. Mr. Poindexter sketched out a new Pentagon program called Total Information Awareness, that proposed to scan the world’s electronic information — including phone calls, e-mails and financial and travel records — looking for transactions associated with terrorist plots. The N.S.A., the government’s chief eavesdropper, routinely collected and analyzed such signals, so Mr. Poindexter thought the agency was an obvious place to test his ideas.
He never had much of a chance. When T.I.A.’s existence became public, it was denounced as the height of post-9/11 excess and ridiculed for its creepy name. Mr. Poindexter’s notorious role in the Iran-contra affair became a central focus of the debate. He resigned from government, and T.I.A. was dismantled in 2003.
But what Mr. Poindexter didn’t know was that the N.S.A. was already pursuing its own version of the program, and on a scale that he had only imagined. A decade later, the legacy of T.I.A. is quietly thriving at the N.S.A. It is more pervasive than most people think, and it operates with little accountability or restraint. […]
The N.S.A. created what one senior Bush administration official later described as a “mirror” of AT&T’s databases, which allowed ready access to the personal communications moving over much of the country’s telecom infrastructure. The N.S.A. fed its bounty into software that created a dizzying social-network diagram of interconnected points and lines. The agency’s software geeks called it “the BAG,” which stood for “big ass graph.”
Today, this global surveillance system continues to grow. It now collects so much digital detritus — e-mails, calls, text messages, cellphone location data and a catalog of computer viruses — that the N.S.A. is building a 1-million-square-foot facility in the Utah desert to store and process it.
What’s missing, however, is a reliable way of keeping track of who sees what, and who watches whom.
“Don’t Build a Database of Ruin,” Harvard Business Review
Many businesses today find themselves locked in an arms race with competitors to see who can convert customer secrets into the most pennies. To try to win, they are building perfect digital dossiers, to use a phrase coined by Daniel Solove, massive data stores containing hundreds, if not thousands or tens of thousands, of facts about every member of our society. In my work, I’ve argued that these databases will grow to connect every individual to at least one closely guarded secret. This might be a secret about a medical condition, family history, or personal preference. It is a secret that, if revealed, would cause more than embarrassment or shame; it would lead to serious, concrete, devastating harm. And these companies are combining their data stores, which will give rise to a single, massive database. I call this the Database of Ruin. Once we have created this database, it is unlikely we will ever be able to tear it apart.
I have become convinced that my earlier, bleak predictions about the Database of Ruin were in fact understated, arriving before it was clear how Big Data would accelerate the problem. Consider the most famous recent example of big data’s utility in invading personal privacy: Target’s analytics team can determine which shoppers are pregnant, and even predict their delivery dates, by detecting subtle shifts in purchasing habits. This is only one of countless similarly invasive Big Data efforts being pursued. In the absence of intervention, soon companies will know things about us that we do not even know about ourselves. This is the exciting possibility of Big Data, but for privacy, it is a recipe for disaster.
If we stick to our current path, the Database of Ruin will become an inevitable fixture of our future landscape, one that will be littered with lives ruined by the exploitation of data assembled for profit. But we can chart a different course, in various ways. I think our brightest engineers can develop innovative privacy-enhancing technologies which will enable new techniques for data analytics that minimize costs to privacy. I hope that public institutions and industry, through self-regulation, will devise ways to better balance the burdens on privacy and the benefits of Big Data. If nothing else, I anticipate that society will slowly develop new norms for engaging with the massive amount of information collected about us, creating informal rules governing when and how it is appropriate to release, collect, and use data, the way minors have learned to speak and listen carefully on social networks.
In June, the Federal Election Commission announced that political campaigns will soon be able to accept donations via text message. This new option will empower thousands of citizens, especially young and low-income people who have less money to give but tend to use cellphones at a greater rate, to participate more actively in the political process.
Financial involvement in elections, even in small amounts, serves as a “gateway” to other forms of engagement in the political process – displaying lawn signs, volunteering for campaigns, passing out literature – and studies show that small donors are more likely to engage in these kinds of civic participation than large donors. Permitting small donations by text message is therefore an innovative measure that could invigorate citizen participation in the voting process, and the FEC should encourage providers to resolve the hurdles to implementation.
But this proposal also has a potential downside: a loss of privacy.
An outdated patchwork of statutes has created a complex web of standards governing law enforcement’s access to communications handled by third-party providers. This includes differential treatment for the content of communications and for the “metadata” about those communications.
If the government wants to find out whom you are calling, e-mailing, or texting and when, they can obtain that information without obtaining a warrant from a judge. Indeed, the Supreme Court has held that there is no reasonable expectation of privacy in such “envelope information.”
In the case of phone billing records, which include the recipient numbers of calls and text messages, a mere subpoena, which the police write themselves, is enough. […]
“Envelope information” should receive similarly enhanced protection. This would help assure that information including the political contributions of the young and low-income is not disproportionately swept into ever-expanding government databases, to be accessed and shared long into the future for purposes far afield from the laudable goals of campaign finance transparency.
“The new totalitarianism of surveillance technology,” Guardian (UK)
A software engineer in my Facebook community wrote recently about his outrage that when he visited Disneyland, and went on a ride, the theme park offered him the photo of himself and his girlfriend to buy – with his credit card information already linked to it. He noted that he had never entered his name or information into anything at the theme park, or indicated that he wanted a photo, or alerted the humans at the ride to who he and his girlfriend were – so, he said, based on his professional experience, the system had to be using facial recognition technology. […]
Yes, I know: it sounds like a paranoid rant.
Except that it turned out to be true. News21, supported by the Carnegie and Knight foundations, reports that Disney sites are indeed controlled by face-recognition technology, that the military is interested in the technology, and that the face-recognition contractor, Identix, has contracts with the US government – for technology that identifies individuals in a crowd. […]
Finally, last week, New York Mayor Michael Bloomberg joined NYPD Commissioner Ray Kelly to unveil a major new police surveillance infrastructure, developed by Microsoft. The Domain Awareness System links existing police databases with live video feeds, including cameras using vehicle license plate recognition software. No mention was made of whether the system plans to use – or already uses – facial recognition software. But, at present, there is no law to prevent US government and law enforcement agencies from building facial recognition databases.
And we know from industry newsletters that the US military, law enforcement, and the department of homeland security are betting heavily on facial recognition technology. As PC World notes, Facebook itself is a market leader in the technology – but military and security agencies are close behind. […]
What is very obvious is that this technology will not be applied merely to people under arrest, or to people under surveillance in accordance with the fourth amendment (suspects in possible terrorist plots or other potential crimes, after law enforcement agents have already obtained a warrant from a magistrate). No, the “targets” here are me and you: everyone, all of the time. In the name of “national security”, the capacity is being built to identify, track and document any citizen constantly and continuously.