The NSA and Facebook Are Just Symptoms…
Each time we’ve come into a surveillance oriented debate, there’s always a codicil that requires us to compare private vs. state data collection habits. Much of the debate focuses on which type of actor is worse in privacy violations. Left-leaning debaters point out that private firms already collect vast amounts of data and do so without any effective government oversight, while the right-leaning debaters will counter with the fact that private companies can’t arrest you. When you combine these perspectives it’s clear that data based privacy is simply not well defined. The root cause of so many of our problems with our information age: we have no control over information that involves our person.
One of the terms of art used when defining Fourth Amendment searches under US common law is the concept of a “reasonable expectation of privacy”. This is a concept that has evolved over time, starting with the first solid application of communications privacy in Ex Parte Jackson (1877). New technologies have always presented a problem with defining privacy. Early use of telephone wiretapping in the Olmstead (1928) case insisted that the very act of transmitting your voice through copper wire negated any expectation of privacy. This was eventually corrected in the Katz (1967) where Justice Harlan crafted the two-pronged “reasonable expectation of privacy” test in his concurrence. The Court would later officially adopt the test in Smith v. Maryland which tested the constitutionality of trap/trace devices. (What we might consider the first use of “telephone metadata”.)
The test employed by the Court has two prongs:
- Does the individual have a subjective expectation of privacy?
- Would the rest of society recognize that expectation as reasonable?
Today we face a situation where the subjective expectations of end-users of online services are substantially different from how the state and private firms consider to be reasonable. An example of this disconnect can be seen in the reactions to the AP phone records story. The collection of telephone data outside of the content of calls was considered outside the bounds of reasonable expectations of privacy (both legally and by the firm who provided the data) but not by the public when the collection went public.
We could, of course wait for another generation or two of Supreme Court justices to pass through SCOTUS and then overturn Smith v. Maryland, but it seems to me that the way forward requires proactive definitions of what acceptable and unacceptable use of data pertaining to an individual involve.
HIPAA’s introduction of medical records privacy regulations has helped make patient information substantially harder to connect with individual people. Just as it was unreasonable to expect that medical service providers stop collecting and archiving medical data on individuals, given the state of online media writ large, demanding widespread data retention bans is unrealistic. What the US (and by extension the world) needs is a system to monitor and account for data associated with a specific individual. There should be a narrow list of allowed uses of such data, criminal and civil penalties for violating these uses, methods for customers to know when their data is being accessed, and an active definition based on legislation rather than waiting for court precedent.
The simple fact of the matter is that the NSA revelations have shown us there’s many uses for data collected by private entities. While data collection by Google or Facebook might help their advertising models, it can be used by intelligence agencies for pattern analysis. The trend toward putting more and more of our lives in cloud storage is unlikely to abate, meaning that we need to take a proactive stance on protecting our data. We need to expand this definition to include data that can personally identify us in ANY way, and create legal remedies if this data is accessed without our consent.
A data driven society requires data to be collected. But as individuals we should have the power to restrict who has access to that data absent sufficient cause to issue a warrant. The debate we must have about privacy isn’t simply about database access or record keeping, but the fundamental nature of our personal data. Only then can we start curing the underlying illness in our surveillance state.
The argument that I use with regards to the “but you give google and facebook your information!” argument is to draw an analogy to sexual assault of a woman and then asking what the big deal is because she has sex with her boyfriend all the time.
“Consent” is one of those things that changes dynamics pretty significantly. Saying “But you didn’t mind when it was someone else” is not a good argument.Report
In what way can a consumer’s consent be classified as impaired by the facts that
there’s a 4,000+ word EULA with Facebook*? That EULA was likely crafted by very good lawyers while the consumer usually doesn’t have lawyers on retainer to evaluate what exactly they’re signing up for? That EULAs tend to allow for the company to change provisions of the agreement on pretty lenient terms?
Potential privacy abuses with respect to corporations deserve at least as much scrutiny as abuses with respect to governments. Claiming the consumer-corporation relationship is consensual doesn’t change that (particularly given the asymmetry of information).
* not picking on Facebook, insert any other multinational tech giant in their placeReport
The thing is, though, if Facebook starts abusing my information, I can unilaterally exit. So even if I don’t read the EULA, I can at least minimize the damage once I find out about it. Which isn’t as good as avoiding it altogether. But is more reasonable to me than saying “If you don’t like, become politically active to pass a law to repeal it!”
This doesn’t make anything and everything corporations would do with my information okay. But it does put it on a different plane than government, in my view. Even if we accept the notion that I agree to whatever the majority, the government, and the courts decide because I don’t pick up and move to Somalia, that’s still a different level of consent than continuing to use Facebook or GMail.
So while I can agree that corporate privacy abuses do deserve scrutiny, I do not agree that they deserve the same level of scrutiny as does the government.Report
To me the same concerns raised in the original post about data ownership and privacy apply in both the government and private context. When you exit Facebook, what happens to your data? Can the company keep it? for how long? can they sell it on to third parties? do they have to tell you when they do so?
In my view, there’s an interest in protecting rights in both spheres. So if the US were to establish an office like Australia’s Privacy Commissioner, or other type of privacy ombuds-type office, I’d want them to be empowered to have a view towards both private and public sphere abuses.
here‘s a for instance from 2011, though I’m not sure to what extent it’d be called consensual.
Report
Creon, even if Facebook does get to keep the data*, at least I can stop giving Facebook more data once I find out what they’re doing with it. That’s not as good as their not being allowed to keep the data, but it’s a lot better than relying on a law being passed to scale back government access to it.Report
Or, put another way, it’s not that I don’t think there are any concerns with the private accumulation and dispersal of data. I do think it should be taken for granted that my expectations with free, adbased entities are limited. But there can be and are concerns. But I do consider these concerns to be on a different level than the government doing the same. I consider the level of consent to be different, and I consider the ramifications to be different (even if not always benign in either case).Report
While I am certainly *NOT* dismissing the abuse of privacy by corporations, but there *ARE* options available to folks out there. There are options out there that are not google if you want to search, there are options out there that are not facebook if you want to tell people that you’re in Starbucks and you’re ordering your favorite latte, lol.
And when you tell facebook “I live in Montana, I graduated from Boise High School in 1994 and here is a picture of me”, presumably you know that you are giving facebook a lot of data there. Heck, the people who do that are, presumably, doing this *IN ORDER* for people from their past to be able to find them. (“Dude! I was in your science and math classes! Are you showing up for the 20th?”)
There seems to be an undercurrent of “well, people should know better than to do that” when it turns out that the government has been breaking its own rules to gather information on people without warrants.
And pointing out that there are rules and the rules have been broken is given short shrift.Report
I think you’re still missing the point. The rules have been quite clear that the two-pronged Katz based test say that subjective expectations of privacy and society’s expectations are key in setting the rules themselves. For much of the metadata and some of the “spying” done without warrant, absent the provisions of certain parts of Title III, there isn’t actually all that much oversight or rules required because the data being accessed isn’t considered private.
The extent to which the NSA revelations are about “abuses” is unclear. Most of the revelations have been about things that have a fair basis under law. The problem is what we’re used to considering legal is outdated by the standards of just how much data is collected about us.
Also saying “we have a choice” in a lot of our consumption and living habits isn’t all that different from telling people to move to Somalia if they don’t like the government. Part of living in modern society requires certain amounts of data collection by people. What’s wrong with saying we should have the right to safeguard that data from ANYONE using it without our consent? We do that with our medical data. What’s different about where we eat or what type of latte we ordered for breakfast?Report
Most of the revelations have been about things that have a fair basis under law. The problem is what we’re used to considering legal is outdated by the standards of just how much data is collected about us.
So Snowden didn’t tell us anything that, seriously, we shouldn’t have already known? You’re unclear on why they’re freaking out or, indeed, why the government is upset about the so-called “leak” of information that anyone with access to Google News should have known about during the Bush Administration?Report
The extent to which the NSA revelations are about “abuses” is unclear.
Here’s a fun paragraph from The Washington Post:
The National Security Agency has broken privacy rules or overstepped its legal authority thousands of times each year since Congress granted the agency broad new powers in 2008, according to an internal audit and other top-secret documents.Report
On some level I think Ben Wittes and his post on the NSA at Lawfare sum up much of the attitude for folks who’ve been paying attention:
http://www.lawfareblog.com/2013/08/the-nsa-the-washington-post-and-the-administration/
A lot of it is simply that many of the details of how these programs specifically operate were classified and the government never likes it when people leak classified documents. The rest is that the people who HAVE been paying attention have a different reaction to the revelations than people who are getting it filtered through the OUTRAGEMACHINE.Report
a lot better than relying on a law being passed to scale back government access to it.
I don’t think I understood this. I understood, and agree with, this part of your comment, stopping Facebook getting new data less good than government requiring Facebook delete data. I didn’t get, “relying on a law being passed to scale back government access to [your data]” less good than what?
I do think it should be taken for granted that my expectations with free, adbased entities are limited.
This may be the core of where we differ. What should we expect from the private entities? To me there’s a whole (emerging) set of business and human rights norms lurking in the background that informs my view on examining private sector conduct.
I do consider these concerns to be on a different level than the government doing the same.
Lastly, maybe this is where the rubber meets the road, would your perspective mean a significant difference in the institutions and policies instituted to deal with abuses in the public or private sector? If not, then we disagree more as a point of analysis than as to policy prescriptions. Concrete prescriptions like a US law similar to the EU’s Data Protection Directive or going beyond a Privacy and Civil Liberties Oversight Board towards something with an even broader remit like Australia’s Information Commissioner.Report
On your rather misleading WaPo story As Wittes notes (emphasis is added by me):
Report
Here’s my favorite part of that blog post:
The guidance here may reflect, to some degree, what was by some accounts a difficult adjustment for the NSA to having programmatic oversight from the Justice Department and the ODNI at a very granular level.
But come on. It’s hardly a news flash that a secret, clandestine intelligence agency might resist giving out information about its operations when not legally required to do so.
Awesome.Report
… and I don’t understand what you’re saying here. My comment was as clear as granite. So let me just rewrite that comment:
If Facebook turns around and misuses data that I give it. Let’s say, for instance, that they turn around and sell it to life insurance companies. And let’s say that even if I logged off and deleted my account, they could still take that data and sell it to auto insurance companies. And there’s nothing I can do about it. Well, that kinda sucks. But at least I can refrain from giving Facebook more data simply by no longer participating. That’s not nothing.
Should I be able to require that Facebook delete the data? I could get on board with that (I’d need to think more about it), though my sense is that at that point, the cat would be out of the bag. It’s almost certainly in the hands of somebody else.
Should we be able to prevent them from selling data to begin with? Well, I’m reluctant to really get on board with that, fully. Because Facebook needs to make money. The reason I expect less of free, adbased service is because of this. What expectations should I have, here? About the only expectation I can think of is that information they tell me is private, is private.
And yeah, if they turn out to lie about that, I am on board being pretty harsh about that. That would include, of course, giving information to the government that I had no reasonable expectation that they would give to the government.Report
Will, I think where Creon (and myself really) am having trouble is that your assertion that having no recourse other than simply stopping use of a service is preferable to having a means of remedying it through tort or threat of criminal sanction on the service in question. Given the sheer scale of many of these services and their ability to control aspects of your social life due to their market share, I think it’s important to have something other than boycotts.
I’m simply at a loss as to see what’s wrong with adding substantive penalties both for unauthorized access of your personal data by government personnel and for violations of privacy policies and sale to third parties.Report
I don’t have a problem with there being recourse, when misbehavior occurs. If Facebook says “We won’t sell data to insurance companies” and they sell data to insurance companies or the government (without a subpoena), they should be held into account.
Where I tend to get a bit hair-trigger is when Facebook is used as a reason to be less concerned about what the government is doing. That, because I am not worried about Facebook sending information to advertisers, I should not be worried about their sending information to the NSA. That I should be comparably concerned with both because both are “privacy.”Report
Will,
some information STEALING isn’t in the EULA.
In fact, it’s topsekret business shit.
You don’t want to know how much you’ve told Amazon about yourself…Report
Plus, Facebook can’t send people with guns after you.Report
I’m a little disappointed with this reply because I think you and Will seem to have missed my broader point that you really can’t divorce the corporate from the state aspects of data collection. I guess I failed to communicate my point clearly.
My broader point is that much of what enables government access to communications data is that it’s gathered by private companies to begin with. Further we have very little control over how that data is utilized. We have all sorts of things we’re not aware or at least minimally aware of others collecting on us, ranging from browsing habits to location check ins through GPS enabled phones. But all of that data is part of the trove that both state and corporations mine.
If we use Jaybird’s rather specious and offensive analogy, we can say that the government is a guy watching hidden camera videos that the boyfriend has taken without the girlfriend’s consent or knowledge. At what point do we criminalize that behavior or at least severely restrict it? In this case it seems only right that the image rights belong solely to the woman and not to the person taking the video or pictures.Report
For the record, I didn’t have a problem with your post. I caught the point that you were intending to make and I think it’s valid. Even aside from the government, there is sharing among private entities that I do not want to occur (or to occur easily). Say, sharing my private Facebook posts with insurance companies to mine for potential risky behavior. Or a whole lot of things with credit agencies.
At the same time, though, there is value in a lot of this information being kept. I don’t mind it being used for targeted advertising, for example. Even the GPS, letting people know where I go and where there might be a coffee shop I am interested in or something. And it’d be really need to have access to this information myself (I left my credit card somewhere, let me use the GPS on my phone to retrace my steps). I also think this data should be available to the government with a warrant.
So on the accumulation of data, I am sympathetic to allowing it to be accumulated. The notion that if the data exists the government will necessarily get its hands on it and how could I ever expect any differently and I sacrificed my right for the government not to have the data when I agreed to let Google have it (an argument you are not advancing, but that I have seem advanced to varying degrees)… well I reject that. Or, if it’s true, then there is simply no way that I can trust the government to force companies to delete data so that the government itself cannot later access it.
Maybe that’s too cynical of me. But if we could rely on the government not to do that, we could rely on the government not to do things like apply pressure to get companies to turn over the data in the first place. We could trust the government to institute, and enforce walls.
And if we can get the government to do that, then I am not opposed to doing that. To rethinking privacy more generally, as you suggest. I am just a little hair-trigger, I guess, against the notion that I have the same to fear from private industry that I do from the government. (Or maybe I, as a white protestant guy without radical beliefs and for the most part in social circles without radical beliefs or vast criminal activity of the sort the government makes a point to target, have less to fear from the government – but that’s not reassuring.) That’s what it came across to me like Creon was saying.Report
Okay, I understand better what you’re getting at.
Overall, again, I don’t think there’s much equivalence between how government and private entities collect and use information, clearly the government’s ability to cause harm is amplified by the fact that it has multiple avenues to do so.
More narrowly, though, my emphasis on legislation is more centered on the difficulty we’re going to have revising the “Reasonable Expectation of Privacy” test. I doubt it’ll be revised in our lifetimes, and instead having legislative remedies that clearly define to what extent we can expect privacy to be safe guarded with data that’s associated with specific individuals will keep us safer, both from the government and from private entities.
On your “cynicism”, I think it’s always easy to fall into the trap of considering government/states to be a monolithic entity. To the extent that there is competition between organizations it provides as much of a safeguard as anything else. Moreover, we have multiple governments competing across the world with these multinational companies. How likely would Google be to give up email stored by dissidents in China if they knew they’d face a massive fine or even criminal sanction in the US and EU when they did so? There’s wide-ranging deterrent effects to making clear sanctions that can be enforced to keep agencies and entities from wanting to use data to less than scrupulous ends.Report
If we use Jaybird’s rather specious and offensive analogy, we can say that the government is a guy watching hidden camera videos that the boyfriend has taken without the girlfriend’s consent or knowledge
Why not use the analogy of “private pictures taken of a girlfriend with her consent by her boyfriend”? Because that’s what the government is looking at without the girlfriend’s consent. “I was giving these pictures to *YOU*”, we can imagine her saying.
And what’s the counterargument? “You should date a higher class of guy”? “You should have known better than to let him take such pictures”? “Seriously, that’s just asking for trouble”?Report
This may be impossible simplistic of me, but it seems to me that a good place to start would be disclosure. Basically, a checklist. I sign up for Yahoo’s new social network, and I am confronted with checklists.
[x] Will use data for internal advertising purposes.
[x] Will sell data to outside advertisers and data accumulators
[_] Will voluntarily give or sell data to government without warrant.
[x] Will turn over personal data to other commercial interests, such as credit rating agencies insurance companies
None of this is perfect. For example, it would need to be stipulated that data turned over to outside advertisers will not then be sold to insurance companies. Or alternately, tighten the rains on what insurance companies can and cannot use in their formulas.
The only problem is that my understanding is that we have done this with mortgages (explainer sheets) and I’ve been told that they haven’t really done any good.
As an aside, another thing I would like acknowledged is that the government cannot simultaneously claim that (a) we have no right to privacy expectations when it comes to X but (b) the government goes apoplectic when it is revealed that the government is looking at X. If there is no expectation of privacy, I don’t see what grounds on which they should be keeping it a secret. This strikes me as so obvious that it feels like I must be missing something.Report
I’m really a bit uncomfortable going further with this analogy, but it’s the field we find ourselves on, so let’s continue.
The question I’m trying to raise is: “Who does the picture belong to?”
If the answer is simply “the boyfriend”, whether or not the girlfriend gave consent or intended consent to be only for the private eyes of the boyfriend becomes irrelevant. If the answer is “the conditions under which the girlfriend granted her right of publicity” then we get into the weeds of where the boyfriend can be sanctioned for sharing the photo without her consent.
There’s actually a set of tort statutes starting to wind up on the books about online harassment on themes of this sort, but the recourse people can take is still quite limited. The question is: would an information safeguarding law help keep this sort of abuse away? Should it keep it away?
Who owns the data about you? Is it you, or the person you gave the data to for safe-keeping? That determines entirely who the rules protect and why.Report
The question I’m trying to raise is: “Who does the picture belong to?”
I submit: if the chick says some variant of “this picture is just for you”, and then we find that not only has the government has been collecting cellphone pictures as part of its classified program to fight terrorism, but was (against the rules of the agency!) collecting these such pictures in a folder called “Stress Relief”, then an argument that focuses on exactly how reasonable the expectation that boob pictures not be distributed actually is is an argument that is focusing on the wrong thing.Report
Now you’re just going off on a complete non-sequitor and dodging the question. It’s a bit low to conflate our analogy with a baseless hypothetical that’s only tangentially related to the discussion. I’m done with this discussion if this is the sort of cheap shot you want to focus on.Report
Baseless hypothetical? You want to see if I can find examples of the government eavesdropping and listening to phone sex calls between deployed soldiers and their spouses back home? You want to see if I can find examples of these phone calls being passed around for giggles?
Because this is something that actually happened. No hypothetical needed.
The fundamental argument seems to be that “you shouldn’t be willing to give Facebook/Google so much information so therefore you shouldn’t be surprised when the government ends up with it.”
If we’re going to be offended by anything, you’d think that we’d be offended by *THAT*.Report
It’s a baseless hypothetical in that we’re not talking about the same programs or even the same original issues. Warrantless eavesdropping/wiretapping is a separate issue from the NSA’s data collection/data mining. Part of the problem here is that people are consistently conflating various programs and mixing them into a single problem, when they’re separate problems with different solutions.
Moreover, I don’t know if you’re intentionally being obtuse or just trying to get a rise out of me, but my point isn’t “you shouldn’t be surprised if the government takes data that you give to facebook”, but “you should have ownership of all the data that’s about you”. How fucking hard is that to understand?
I know you have your whole “I hate anything involving government” shtick to go on, but enough is enough.Report
Let me make this abundantly clear, okay?
I think your hypothetical is baseless because you’re bouncing around issues as they become convenient for you to keep doing a rhetorical dance about how eeeeeeevil government is and how blameless we should hold private entities of any sort.
It’s also baseless because it’s a non-sequitor to the basic argument we were having Re: data ownership. The whole fucking point of the analogy YOU started was whether or not consent was a condition that needed to be taken into account when determining what you were allowed to do with data. We have things like licensing for images and publicity laws, software reproduction laws and the like. There’s something of a fundamental division between whether or not data can be owned or not, who can own the data, and how the chain of custody works in these cases. THE WHOLE POINT OF MY POST WAS TO STATE THAT THIS IS THE IMPORTANT DISCUSSION.
Not that the NSA is blameless, or it’s your fault for giving information to facebook or whatever other fucking smear you want to try to impress onto my post.Report
my point isn’t “you shouldn’t be surprised if the government takes data that you give to facebook”, but “you should have ownership of all the data that’s about you”. How fucking hard is that to understand?
Perhaps defenses of the NSA aggregating data without warrants (and pointing out that the thousands of violations amount to little more than a “big whoop”) obscure some of the important points.
Because it seems to me that your vitriol is directed toward corporations selling the data but not toward the government, never, not even for a second.
And given what little data has been released and the nature of the new data being released, drip, drip, drip, it seems that an attitude that says “the government shouldn’t be trusted!” will have more footing tomorrow than “big whoop”.Report
If you think my vitriol is aimed merely at corporations, then you missed the entire point of my post.
The whole point is that it’s difficult to find the nexus between private and public data collection, and that for the sake of maximal protection of privacy rights, we need to not just shackle government with new definitions of what we regard as socially and subjective expectations of privacy, but do so in a way that doesn’t require waiting for an entire new crop of judiciary officers like we did with phone wiretaps.
As for the rest of your response, it’s a big whoop because the “thousands of violations” are as the IG report itself noted, either technical errors or other violations that aren’t there simply to maliciously violate the privacy of people, in a program that’s built on the basis of existing law. The problem is with the law and how we define privacy and data retention and expectations. That needs to change. My entire “vitriol” is based on the fact that our definitions are faulty and we need to fix that. That’s putting blame squarely on the shoulders of government, but you’re starting to make it clear you just don’t give a fuck about the substance of the debate and just want to play quibbling games about semantics so you can keep saying GOVERNMENT BAD.Report
How’s this? “Are there laws covering this?”
And if it turns out that there are, we could ask “have these laws been broken?’ (Perhaps even “has any court ruled this behavior to be unconstitutional?”)
And, if it turns out that they have, we could say something other than “big whoop”.
I mean, do we have evidence that Facebook has broken any law? Google?
So far the only evidence we’ve seen presented is the evidence that the government agency has broken law (or that courts have found behaviors to be unconstitutional). Not hypothetical discussions over who owns what data… evidence of laws broken and court rulings.
What was the response to that, again?Report
I mean, do we have evidence that Facebook has broken any law? Google?
Part of the discussion is answering the question “what should the law be?” The Snowden disclosures can be used to pivot towards a larger discussion about how privacy is handled in multiple contexts and whether there’s room for strengthening protections in both public and private sectors.Report
Yes.
So far all the reports have suggested that the laws haven’t been broken, so much as exploited. The violations that have occurred are mostly technical in nature, while the underlying legal rationale for the access of privately held data stores is rooted in constitutional rulings dating back to Smith v. Maryland
The most egregious violations of actual law (like the NSA wiretapping violations) were dealt with largely through reforms within the agency in question. We know at least from the IG report that DOJ and ODNI have put in some strong (but opaque) safeguards to prevent the sort of abuses that happened during the Bush Administration.
No, but the evidence suggests that the law here is faulty, not the government’s reaction to it.
Again, we’re discussing different issues. The substantive violations of law were mostly dealt with by placing safeguards and oversight responsibilities onto NSA. So far as we can tell the statements by Snowden on how much capability he had to do illegal things isn’t matched by evidence that there was any action to that effect. The IG’s report has revealed a miniscule fraction of all queries had problems due to issues with technical issues, but no gross abuses of privacy, at least in practice. Then in that case our questions should be: A. are the oversight functions and reporting strong enough? B. do we want to change how privacy laws are defined to make it even harder for data to be accessed illegally, C. is increased transparency required on surveillance powers.
On A. the jury is still out. The national security law experts seem to believe that the safeguards are strong enough, while others are pointing out that the capability exists to override those safeguards rather easily. The argument from the latter seems to boil down to “we need to take away the possibility of that capability existing at all” which to me strikes me as both ludicrous and trying to ungrow a tree from a garden ten years after it’s taken root. It’s not going to work.
B. is the question I’m trying to grapple with here. I think the law as it stands is woefully inadequate and needs fixing. We need privacy protections for data and ownership of data that we don’t currently possess. The fact that data is becoming a commodity to be traded among firms and among governments makes it even more vital that individuals have access and ownership of their own identities and information. To me, it’s a fundamental self-ownership issue, and why I am pushing on this issue so strongly.
On C. I think more transparency would be good, but not a panacea.Report
Thank you, Nob, Creon Critic, Will Truman and Jaybird. Both the OP and the attendant comments have been the most cogent discussion of this topic I have read anywhere on the Intertubes.
I wonder if I could get your collective take on an angle of this debate I’ve seen elsewhere, as this argument has influenced my stand on the NSA question and I don’t think I care for the implications.
Using the example set by what the American people seem willing to accept (and maybe even to demand) regarding air travel in the wake of 911, I wonder what will happen to data privacy following the next successful attack, especially (as seems likely) press coverage then alleges that more intelligence information “might” have prevented the violence. (The press will ALWAYS suggest something MORE could have been done. I think that’s a given.)
Granted that these claims will be made regardless, I find myself open to greater government collection of metadata that I consider somewhat benign, if that 1) diminishes the likelihood (even modestly) of another successful large scale attack and 2) decreases the size of the target of “what MORE could have been done” come the escalation.
This seems like a reasonable trade-off to me, but I could be kidding myself. What do you all think?Report
I’m a fan of asking “what has this stuff prevented?”
If we could point to a major attack that had been prevented by these acts, I might soften.
Now, I appreciate the fact that if we announced that 19 Arab Muslims had been arrested on September 10th, 2001, and they had planned to hijack four planes and fly them all into the WTC, the Pentagon, and a field in Pennsylvania, there would have been a reasonable counterargument that all we found were 19 dudes, a couple of copies of Microsoft Flight Simulator, and 30 dollars’ worth of box cutters.
With that said, the plans that the government has admitted to foiling were less spectacular than, say, the Boston bombing. Insert sentence about Russia warning us about the brothers here.
Given what measurables we have and what we know was *NOT* prevented… I don’t know that there’s much of an argument for having the system at all. Of course, stuff like the Boston bombing is given as evidence that we need stuff like this… but stuff like this isn’t being prevented by stuff like that.
And that’s without getting into the Constitutional issues.Report
If more people were fans of asking “what has this stuff prevented?” I wouldn’t be asking my question. That would entail deliberate cost/benefit analysis and, as far as I can tell, it just doesn’t work that way where security is concerned. Security is Emotional.
From what I’ve seen, the reason I currently have to strip half-naked and get a little pat down whenever I fly is because on September 12th, 2001, many, many people in this country imagined themselves as passengers on one of those ill-fated airplanes or office workers in the South Tower of the WTC, then rallied behind the cries of “Never again!” Politicians responded to the calls to do Whatever It Takes to prevent something like this from every happening again and we got an out-of-control TSA, the Patriot Act and wars in Afghanistan and Iraq, etc.
So, to my mind, the slippery slopes arguments are particularly useless. Recent history has taught that what we are more likely to see regarding liberty is hold your ground, hold your ground, (something bad), full-fledged surrender. I’d prefer to risk the slippery slope, if it meant delaying or diminishing the event that would trigger another round of major capitulation in the name of security. I prefer this because I think that approach leads to greater net liberty over the long haul.Report
Anyone want to bet there are “black files” around? Things that the NSA isn’t allowed to go look at?Report