NSA Secrecy and Personal Privacy
In an excellent essay about privacy and secrecy, law professor Daniel Solove makes an important point. There are two types of NSA secrecy being discussed. It’s easy to confuse them, but they’re very different.
Of course, if the government is trying to gather data about a particular suspect, keeping the specifics of surveillance efforts secret will decrease the likelihood of that suspect altering his or her behavior.
But secrecy at the level of an individual suspect is different from keeping the very existence of massive surveillance programs secret. The public must know about the general outlines of surveillance activities in order to evaluate whether the government is achieving the appropriate balance between privacy and security. What kind of information is gathered? How is it used? How securely is it kept? What kind of oversight is there? Are these activities even legal? These questions can’t be answered, and the government can’t be held accountable, if surveillance programs are completely classified.
This distinction is also becoming important as Snowden keeps talking. There are a lot of articles about Edward Snowden cooperating with the Chinese government. I have no idea if this is true—Snowden denies it—or if it’s part of an American smear campaign designed to change the debate from the NSA surveillance programs to the whistleblower’s actions. (It worked against Assange.) In anticipation of the inevitable questions, I want to change a previous assessment statement: I consider Snowden a hero for whistleblowing on the existence and details of the NSA surveillance programs, but not for revealing specific operational secrets to the Chinese government. Charles Pierce wishes Snowden would stop talking. I agree; the more this story is about him the less it is about the NSA. Stop giving interviews and let the documents do the talking.
Back to Daniel Solove, this excellent 2011 essay on the value of privacy is making the rounds again. And it should.
Many commentators had been using the metaphor of George Orwell’s 1984 to describe the problems created by the collection and use of personal data. I contended that the Orwell metaphor, which focuses on the harms of surveillance (such as inhibition and social control) might be apt to describe law enforcement’s monitoring of citizens. But much of the data gathered in computer databases is not particularly sensitive, such as one’s race, birth date, gender, address, or marital status. Many people do not care about concealing the hotels they stay at, the cars they own or rent, or the kind of beverages they drink. People often do not take many steps to keep such information secret. Frequently, though not always, people’s activities would not be inhibited if others knew this information.
I suggested a different metaphor to capture the problems: Franz Kafka’s The Trial, which depicts a bureaucracy with inscrutable purposes that uses people’s information to make important decisions about them, yet denies the people the ability to participate in how their information is used. The problems captured by the Kafka metaphor are of a different sort than the problems caused by surveillance. They often do not result in inhibition or chilling. Instead, they are problems of information processing—the storage, use, or analysis of data—rather than information collection. They affect the power relationships between people and the institutions of the modern state. They not only frustrate the individual by creating a sense of helplessness and powerlessness, but they also affect social structure by altering the kind of relationships people have with the institutions that make important decisions about their lives.
The whole essay is worth reading, as is—I hope—my essay on the value of privacy from 2006.
I have come to believe that the solution to all of this is regulation. And it’s not going to be the regulation of data collection; it’s going to be the regulation of data use.
EDITED TO ADD (6/18): A good rebutttal to the “nothing to hide” argument.
Mike • June 18, 2013 11:18 AM
In the excerpt you cite Mr. Solove states “Many people do not care about concealing the hotels they stay at, the cars they own or rent, or the kind of beverages they drink. People often do not take many steps to keep such information secret.” It appears that he is implying that it was because they didn’t care if other saw this data.
Could instead it be that they thought (assumed?) that the data was secure and they didn’t need to take any additional steps to protect this data from anyone other than the business they were dealing with? Rather than assume what people want wouldn’t it be better to simply ask them if they minded if the government used this data?