Privacy Is Dead. Long Live Transparency!

Modest proposal: Accept surveillance is inevitable, but demand that all data be public.

Thanks to Edward Snowden, we've learned a lot over the past few months about the breathtaking scope and depth of US government surveillance programs. It's going to take a while to digest all the details he's disclosed, but in the meantime it might be a good idea to step back and ask some pointed questions about what it all means—and what kind of country we want to live in.

What keeps the NSA's capabilities from being abused in the future?
With only a few (albeit worrying) exceptions, Snowden's documents suggest that today the NSA is focused primarily on foreign terrorism and mostly operates within its legal limits. But the agency has built an enormous infrastructure that sweeps up email, phone records, satellite communications, and fiber-optic data in terabyte quantities—and if history teaches us anything, it's that capabilities that exist will eventually be used. Inadvertent collection of US communications is required by law to be "minimized," but even now there are plenty of loopholes that allow the NSA to hold on to large quantities of domestic surveillance for its own use and the use of others. And there's little to keep it from covertly expanding that capability in the future. All it would take is another 9/11 and a president without a lot of scruples about privacy rights.


What kind of independent oversight should the NSA have?
Right now, oversight is weak. There are briefings for a few members of Congress, but the NSA decides what's in those briefings, and one leaked report revealed that the agency has set out very specific guidelines for what its analysts may divulge to "our overseers." That caginess extends to the FISA court charged with making sure NSA programs remain within the law: In a 2011 opinion recently released by the Obama administration, the court noted that the NSA had misled it about the specific nature of a surveillance program for the third time in three years.

No organization can adequately oversee itself. If the NSA is allowed to decide on its own what it reveals to Congress and to the courts, then it's under no real oversight at all.
 

What happened to the Fourth Amendment?
Back in 1979, the Supreme Court ruled that although a warrant is required to tap a telephone line, none is needed to acquire phone records. This means that police don't need a warrant to find out whom you've been calling and who's been calling you.

Whatever you think of this ruling, it was fairly limited at the time. Today it's anything but. The NSA now sweeps up records of every single phone call made in the United States under the authority of Section 215 of the Patriot Act, which gives it power to obtain any "tangible thing" that's relevant to a terrorist investigation. Did Congress mean for that section to be interpreted so broadly? Rep. Jim Sensenbrenner (R-Wis.), one of the authors of the Patriot Act, doesn't think so. But the NSA does, and the FISA court has backed it up.

Another law, Section 702 of the FISA Amendments Act, allows the NSA to obtain access to vast categories of online communications without a warrant. It's supposed to apply only to foreigners, but via errors and loopholes plenty of Americans end up being targeted too. In fact, one of the loopholes specifically allows the agency to use domestic data collected "inadvertently" if it shows evidence of a crime being or "about to be" committed. This provides a pretty obvious incentive to gather up bulk domestic communications in hopes of finding evidence of imminent activity. And the practice isn't limited to national security cases: The Drug Enforcement Administration, for example, has a special division dedicated to using intelligence intercepts in drug cases, a fact that it routinely conceals from courts and defense attorneys.

What all this means is that the traditional constitutional requirement of a particularized warrant—one targeted at a specific person—is fast becoming a relic. In the NSA's world, they simply collect everything they can using the broad powers they've been given, then decide for themselves which records they're actually allowed to read. Is that really what we want?
 

Does all this surveillance keep us safer?
There's no way to know for sure, since virtually everything about the NSA's programs is classified. But shortly after the publication of the first Snowden documents, the head of the NSA told Congress that its surveillance programs had "contributed" to understanding or disrupting 50 terrorist plots—10 of them domestic—since 9/11. That amounts to less than one domestic plot per year. Of the handful he described, the most significant one involved a Somali immigrant who sent a few thousand dollars back to fighters in Somalia.

When you narrow things down to just the NSA's collection of domestic phone records—perhaps its most controversial program—things get even shakier. In 2009, a FISA court judge who had received detailed reports on the program expressed open skepticism that it had accomplished much. And two US senators who have seen classified briefings about all 50 plots say that the phone records played "little or no role" in disrupting any of them. If this is the best case the NSA can make, it's fair to ask whether its programs are worth the cost, either in money or in degraded privacy.
 

What about corporate surveillance?
Government eavesdropping isn't the only thing we have to worry about. We're also subjected to steadily increasing data collection from private actors. It's true that, unlike a government, a corporation can't put you on a no-fly list or throw you in jail. But there are at least a couple of reasons that corporate surveillance can be every bit as intrusive as the government variety—and possibly every bit as dangerous too.

First, if Target can analyze your shopping habits to figure out if you're pregnant—and it can—another company might figure out that you're in the early stages of Alzheimer's disease and then start badgering you to buy worthless insurance policies. Multiply that by a thousand and "targeted advertising" doesn't seem quite so benign anymore.

Second, there's nothing that prevents the government from buying up all this information and combining it with its programs into an even bigger surveillance octopus. That was the goal of the Orwellian-named Bush-era program known as Total Information Awareness. It was officially killed after a public outcry, but as we now know, it never really went away. It just got split apart, renamed, and dumped into black budgets.

Even the NSA itself is in on the action: The Wall Street Journal reported earlier this year that the agency collects more than just phone records and data packets. Via internet service providers and financial institutions, it also gathers web search records, credit card transactions, and who knows what else. In addition, the NSA has long maintained a deep collaboration with the leading-edge data mining companies of Silicon Valley. And why not? As the New York Times put it, both sides realize that "they are now in the same business."
 

Can we save privacy?
I call this the "David Brin question," after the science fiction writer who argued in 1996 that the issue isn't whether surveillance will become ubiquitous—given technological advances, it will—but how we choose to live with it. Sure, he argued, we may pass laws to protect our privacy, but they'll do little except ensure that surveillance is hidden ever more deeply and is available only to governments and powerful corporations. Instead, Brin suggests, we should all tolerate less privacy, but insist on less of it for everyone. With the exception of a small sphere within our homes, we should accept that our neighbors will know pretty much everything about us and vice versa. And we should demand that all surveillance data be public, with none restricted to governments or data brokers. Give everyone access to the NSA's records. Give everyone access to all the video cameras that dot our cities. Give everyone access to corporate databases.

This is, needless to say, easier said than done, and Brin acknowledges plenty of problems. Nonetheless, his provocation is worth thinking about. If privacy in the traditional sense is impossible in a modern society, our best bet might be to make the inevitable surveillance more available, not less. It might, in the end, be the only way to keep governments honest.