Response to Saving Privacy

Can we protect privacy while deterring crime? Reed Hundt offers an elegant case for optimism. He believes government should promote encryption technology to keep prying eyes out of personal business. But he also endorses aggressive law enforcement against hackers, would-be terrorists, and other online malefactors. The idea here is that if everyone can use pseudonyms and other methods to hide their real identity and location, police and military forces can master the technology, too. Disguising themselves as would-be co-conspirators, they could uncover lawbreakers, while respecting the privacy of ordinary citizens.

Hundt’s proposal is alluring. He is trying to restore a familiar balance between policing prerogatives and constitutional constraint. We have seen what happens when that balance is disturbed. Federal agencies and local law enforcers have abused surveillance technology, hounding Muslims and targeting activists with political views to the left or right of America’s two-party duopoly. And even if this vast apparatus focused exclusively on lawbreaking, that still would leave open many political decisions about what to enforce strictly. Our laws of copyright, immigration, and even highway speed limits are too out of sync with actual practice to allow for total surveillance, no matter how well regulated.

But these same problems of significance and specificity also haunt Hundt’s effort to confront the liberty-security tradeoff with technology. There are certain arenas where lawbreaking has become so pervasive that total surveillance is merited. For instance, hardly a month goes by without a major bank settling suits over fraud, money laundering, or price fixing. Technology could make this epidemic of corporate crime invisible and thus unpunishable. Imagine if all the bankers involved in fixing the London Interbank Offer Rate (LIBOR) SnapChatted their conspiracy. The Commodity Futures Trading Commission may never have found the smoking-gun digital communications that revealed billions of dollars in manipulation.

Fortunately, astute regulators are trying to assure that more business on Wall Street is recorded. But their job could get much harder as tools of ephemerality and deletion become more accessible. Government will always need to keep tabs on such technologies and monitor their use in sensitive fields. With so much at stake in our interconnected banking system, the Financial Stability Oversight Council needs to be able to audit all of the transactions it regulates. This surveillance needs to be carried out globally as well.

There are also terrorist threats that merit scans of “everything,” above and beyond traditional policing methods. If there are reliable signals that a group is planning to weaponize a virus, or detonate a nuclear bomb in a major city, courts should not hamper what is effectively a military effort to find them. Nor should government itself promote encryption that could hide it. But when there is misuse of military surveillance technology to solve crimes that don’t threaten mass casualties, that misuse should be punished. The distinction between criminal investigation and intelligence necessary for war has been undermined since September 11. But without it, the Fourth Amendment could become a dead letter, constantly trumped by the exigency of “moral equivalents of war.”

The real problem with America’s domestic intelligence apparatus is a lazy blurring of national defense and crime, military and police power. The more leaders become serious about maintaining that divide, the less we have to worry about a totally administered existence.

Other instruments of the state—such as the Federal Trade Commission and state attorneys general—will have an important role to play in counteracting business-driven harms to individuals via data collection. Hundt is far too quick to assume an alignment of interests among data-gathering firms and ordinary consumers. For example, some of these firms degrade the reputations of individuals without notifying them. A recent report by privacy experts Pam Dixon and Robert Gellman found that most consumers have “multiple fraud scores” that are not “available for viewing, or for correction or dispute.” Dozens of other digital scores and reports affect opportunities in analog reality. Principles of due process and fairness must be imported into these new reputational economies.

Despite occasional blind spots, Hundt’s views provide a valuable contribution to privacy debates. We need Internet visionaries to move public discussion from clichéd “ticking time bomb” scenarios toward subtler discrimination between acceptable and unacceptable risks. At present, it is too easy for opportunistic officials to exaggerate threat scenarios merely to attract funding. Hundt not only exposes the costs of excess surveillance, but also makes a compelling case for supporting the positive experiences an incipient panopticon could be hindering. Government can directly promote civil society, freedom of association, and fair data practices. But its surveillance and security policies need to be grounded in realistic risk assessment, rather than pork-barrel politics and improvisation.