Saturday, June 15, 2013

Five myths about privacy

Five myths about privacy

By Daniel J. Solove, Washington Post, June 13

Daniel J. Solove is a law professor at George Washington University, the founder of the privacy and data-security training company TeachPrivacy and the author of “Nothing to Hide.”

The disclosure of two secret government surveillance programs — one involving phone records and the other personal data from Internet companies — has sparked debate about privacy and national security. Has the government gone too far? Or not far enough? How much privacy should we sacrifice for security? To discuss these issues productively, some myths must be dispelled.

1. The collection of phone numbers and other “metadata” isn’t much of a threat to privacy.

Don’t worry, argue defenders of these surveillance programs: The government is gathering innocuous data, not intimate secrets. “Nobody is listening to your telephone calls,” President Obama declared. Intelligence agencies are “looking at phone numbers and durations of calls; they are not looking at people’s names, and they’re not looking at content.”

But metadata about phone calls can be quite revealing. Whom someone is talking to may be just as sensitive as what’s being said. Calls to doctors or health-care providers can suggest certain medical conditions. Calls to businesses say something about a person’s interests and lifestyle. Calls to friends reveal associations, potentially pointing to someone’s political, religious or philosophical beliefs.

Even when individual calls are innocuous, a detailed phone record can present a telling portrait of the person associated with a telephone number. Collect millions of those records, and there’s the potential to trace the entire country’s social and professional connections.

2. Surveillance must be secret to protect us.

The administration and intelligence agencies have been quick to defend the classified status of the phone and Internet surveillance programs. “Disclosing information about the specific methods the government uses to collect communications can obviously give our enemies a ‘playbook’ of how to avoid detection,” said Director of National Intelligence James Clapper. National Security Agency Director Keith Alexander went further: “Grave harm has already been done by opening this up.” Presidents Obama and George W. Bush have both perpetuated this myth.

Of course, if the government is trying to gather data about a particular suspect, keeping the specifics of surveillance efforts secret will decrease the likelihood of that suspect altering his or her behavior.

But secrecy at the level of an individual suspect is different from keeping the very existence of massive surveillance programs secret. The public must know about the general outlines of surveillance activities in order to evaluate whether the government is achieving the appropriate balance between privacy and security. What kind of information is gathered? How is it used? How securely is it kept? What kind of oversight is there? Are these activities even legal? These questions can’t be answered, and the government can’t be held accountable, if surveillance programs are completely classified.

With the phone and Internet programs, it isn’t clear that sufficient protective measures are in place. The president and security officials assure us there are, but without transparency, we can’t really know.

3. Only people with something to hide should be concerned about their privacy.

In the wake of the leaks about government surveillance, writer and privacy supporter Daniel Sieradski started a Twitter account with the handle @_nothingtohide and has been retweeting variations on this myth. A typical tweet: “I don’t care if the government knows everything I do. I am fully confident that I will not be arrested.”

When privacy is compromised, though, the problems can go far beyond the exposure of illegal activity or embarrassing information. It can provide the government with a tremendous amount of power over its people. It can undermine trust and chill free speech and association. It can make people vulnerable to abuse of their information and further intrusions into their lives.

Even if a person is doing nothing wrong, in a free society, that person shouldn’t have to justify every action that government officials might view as suspicious. A key component of freedom is not having to worry about how to explain oneself all the time.

4. National security requires major sacrifices in privacy.

Obama invoked this myth this month when he said, “You can’t have 100 percent security and also then have 100 percent privacy and zero inconvenience.” The implication is that those upset about surveillance fail to recognize that we must trade some privacy for security.

But usually it’s not either-or. As Obama himself said in his 2009 inaugural address: “As for our common defense, we reject as false the choice between our safety and our ideals.”

Protecting privacy doesn’t need to mean scuttling a security measure. Most people concerned about the privacy implications of government surveillance aren’t arguing for no surveillance and absolute privacy. They’d be fine giving up some privacy as long as appropriate controls, limitations, oversight and accountability mechanisms were in place.

This sentiment was evident in the public outcry over the Transportation Security Administration’s use of full-body X-ray scanners that displayed what looked like nude images of airline passengers. No one wanted to end airport security checks. They wanted checks that were less intrusive. Congress required the TSA to use less-revealing software, and the agency ended up switching to different machines.

5. Americans aren’t especially bothered by government intrusions into their privacy.

“The public is just fine with government snooping in the name of counterterrorism,” read one Washington Post headline this past week. Indeed, a Post and Pew Research Center poll found that a majority of Americans prioritized the investigation of possible terrorist threats over the protection of personal privacy and considered it “acceptable” for the NSA to use secret court orders to access phone records to investigate terrorism.

Yet the same poll showed that the public was more closely divided on whether “the U.S. government should be able to monitor everyone’s e-mail and other online activities if officials say this might prevent future terrorist attacks.” And a Gallup poll found that only 37 percent of Americans approved of the NSA obtaining phone records and Internet communications as part of efforts to investigate terrorism, while 53 percent disapproved.

I would expect polls to show even more support for privacy if it weren’t falsely pitted — in public debates and in poll questions themselves — against stopping terrorist attacks. We don’t have to choose between preserving privacy and preventing terrorism. We do have to decide how much oversight and accountability there should be when the government conducts surveillance of its citizens.

No comments: