The NSA and Facebook Are Just Symptoms…

Nob Akimoto

Nob Akimoto is a policy analyst and part-time dungeon master. When not talking endlessly about matters of public policy, he is a dungeon master on the NWN World of Avlis

Related Post Roulette

39 Responses

  1. Jaybird says:

    The argument that I use with regards to the “but you give google and facebook your information!” argument is to draw an analogy to sexual assault of a woman and then asking what the big deal is because she has sex with her boyfriend all the time.

    “Consent” is one of those things that changes dynamics pretty significantly. Saying “But you didn’t mind when it was someone else” is not a good argument.Report

    • Creon Critic in reply to Jaybird says:

      In what way can a consumer’s consent be classified as impaired by the facts that
      there’s a 4,000+ word EULA with Facebook*? That EULA was likely crafted by very good lawyers while the consumer usually doesn’t have lawyers on retainer to evaluate what exactly they’re signing up for? That EULAs tend to allow for the company to change provisions of the agreement on pretty lenient terms?

      Potential privacy abuses with respect to corporations deserve at least as much scrutiny as abuses with respect to governments. Claiming the consumer-corporation relationship is consensual doesn’t change that (particularly given the asymmetry of information).

      * not picking on Facebook, insert any other multinational tech giant in their placeReport

      • The thing is, though, if Facebook starts abusing my information, I can unilaterally exit. So even if I don’t read the EULA, I can at least minimize the damage once I find out about it. Which isn’t as good as avoiding it altogether. But is more reasonable to me than saying “If you don’t like, become politically active to pass a law to repeal it!”

        This doesn’t make anything and everything corporations would do with my information okay. But it does put it on a different plane than government, in my view. Even if we accept the notion that I agree to whatever the majority, the government, and the courts decide because I don’t pick up and move to Somalia, that’s still a different level of consent than continuing to use Facebook or GMail.

        So while I can agree that corporate privacy abuses do deserve scrutiny, I do not agree that they deserve the same level of scrutiny as does the government.Report

      • To me the same concerns raised in the original post about data ownership and privacy apply in both the government and private context. When you exit Facebook, what happens to your data? Can the company keep it? for how long? can they sell it on to third parties? do they have to tell you when they do so?

        In my view, there’s an interest in protecting rights in both spheres. So if the US were to establish an office like Australia’s Privacy Commissioner, or other type of privacy ombuds-type office, I’d want them to be empowered to have a view towards both private and public sphere abuses.

        here‘s a for instance from 2011, though I’m not sure to what extent it’d be called consensual.

        Online dating company Gotham Dating Partners has announced plans to create profiles for non-registered individuals based on publicly available information on social networking sites.

        […]

        Jordan said the site would soon host some 340 million profiles after scraping information from social networking sites, e-mail registries, mailing lists, marketing surveys, government census records, real estate listings and business websites to create new dating profiles.

        Gotham Dating Partners hoped to position itself as a dating service as well as a “public information source” for individuals and corporations needing accurate information on US citizens, Jordan said.

        […]

        Jordan did not expect to face any privacy issues by aggregating publicly available information, stating: “If the information is public, there are no privacy issues.”

        Report

      • Creon, even if Facebook does get to keep the data*, at least I can stop giving Facebook more data once I find out what they’re doing with it. That’s not as good as their not being allowed to keep the data, but it’s a lot better than relying on a law being passed to scale back government access to it.Report

      • Or, put another way, it’s not that I don’t think there are any concerns with the private accumulation and dispersal of data. I do think it should be taken for granted that my expectations with free, adbased entities are limited. But there can be and are concerns. But I do consider these concerns to be on a different level than the government doing the same. I consider the level of consent to be different, and I consider the ramifications to be different (even if not always benign in either case).Report

      • Jaybird in reply to Creon Critic says:

        While I am certainly *NOT* dismissing the abuse of privacy by corporations, but there *ARE* options available to folks out there. There are options out there that are not google if you want to search, there are options out there that are not facebook if you want to tell people that you’re in Starbucks and you’re ordering your favorite latte, lol.

        And when you tell facebook “I live in Montana, I graduated from Boise High School in 1994 and here is a picture of me”, presumably you know that you are giving facebook a lot of data there. Heck, the people who do that are, presumably, doing this *IN ORDER* for people from their past to be able to find them. (“Dude! I was in your science and math classes! Are you showing up for the 20th?”)

        There seems to be an undercurrent of “well, people should know better than to do that” when it turns out that the government has been breaking its own rules to gather information on people without warrants.

        And pointing out that there are rules and the rules have been broken is given short shrift.Report

      • Nob Akimoto in reply to Creon Critic says:

        There seems to be an undercurrent of “well, people should know better than to do that” when it turns out that the government has been breaking its own rules to gather information on people without warrants.

        And pointing out that there are rules and the rules have been broken is given short shrift.

        I think you’re still missing the point. The rules have been quite clear that the two-pronged Katz based test say that subjective expectations of privacy and society’s expectations are key in setting the rules themselves. For much of the metadata and some of the “spying” done without warrant, absent the provisions of certain parts of Title III, there isn’t actually all that much oversight or rules required because the data being accessed isn’t considered private.

        The extent to which the NSA revelations are about “abuses” is unclear. Most of the revelations have been about things that have a fair basis under law. The problem is what we’re used to considering legal is outdated by the standards of just how much data is collected about us.

        Also saying “we have a choice” in a lot of our consumption and living habits isn’t all that different from telling people to move to Somalia if they don’t like the government. Part of living in modern society requires certain amounts of data collection by people. What’s wrong with saying we should have the right to safeguard that data from ANYONE using it without our consent? We do that with our medical data. What’s different about where we eat or what type of latte we ordered for breakfast?Report

      • Jaybird in reply to Creon Critic says:

        Most of the revelations have been about things that have a fair basis under law. The problem is what we’re used to considering legal is outdated by the standards of just how much data is collected about us.

        So Snowden didn’t tell us anything that, seriously, we shouldn’t have already known? You’re unclear on why they’re freaking out or, indeed, why the government is upset about the so-called “leak” of information that anyone with access to Google News should have known about during the Bush Administration?Report

      • Jaybird in reply to Creon Critic says:

        The extent to which the NSA revelations are about “abuses” is unclear.

        Here’s a fun paragraph from The Washington Post:

        The National Security Agency has broken privacy rules or overstepped its legal authority thousands of times each year since Congress granted the agency broad new powers in 2008, according to an internal audit and other top-secret documents.Report

      • Nob Akimoto in reply to Creon Critic says:

        On some level I think Ben Wittes and his post on the NSA at Lawfare sum up much of the attitude for folks who’ve been paying attention:
        http://www.lawfareblog.com/2013/08/the-nsa-the-washington-post-and-the-administration/

        A lot of it is simply that many of the details of how these programs specifically operate were classified and the government never likes it when people leak classified documents. The rest is that the people who HAVE been paying attention have a different reaction to the revelations than people who are getting it filtered through the OUTRAGEMACHINE.Report

      • a lot better than relying on a law being passed to scale back government access to it.

        I don’t think I understood this. I understood, and agree with, this part of your comment, stopping Facebook getting new data less good than government requiring Facebook delete data. I didn’t get, “relying on a law being passed to scale back government access to [your data]” less good than what?

        I do think it should be taken for granted that my expectations with free, adbased entities are limited.

        This may be the core of where we differ. What should we expect from the private entities? To me there’s a whole (emerging) set of business and human rights norms lurking in the background that informs my view on examining private sector conduct.

        I do consider these concerns to be on a different level than the government doing the same.

        Lastly, maybe this is where the rubber meets the road, would your perspective mean a significant difference in the institutions and policies instituted to deal with abuses in the public or private sector? If not, then we disagree more as a point of analysis than as to policy prescriptions. Concrete prescriptions like a US law similar to the EU’s Data Protection Directive or going beyond a Privacy and Civil Liberties Oversight Board towards something with an even broader remit like Australia’s Information Commissioner.Report

      • Nob Akimoto in reply to Creon Critic says:

        On your rather misleading WaPo story As Wittes notes (emphasis is added by me):

        Let’s start with the audit report that supposedly shows thousands of violations of privacy rules and legal breaches. To be clear, not one of these 2,776 “incidents” (over a year at the NSA’s headquarters) involves a decision by any NSA employee to engage in illegal surveillance against an American. They are nearly all inadvertent mistakes of a technical nature—the majority of a few discrete types (See pp. 5-6). The bulk are “roamers,” which take place when a valid foreign intelligence target happens to cross into the United States. The IG report notes that “Roamer incidents are largely unpreventable, even with good target awareness and traffic review, since target travel activities are often unannounced and not easily predicted” (emphasis added).

        There are also a fair number of database query errors—that is, typos, confusions of boolean terms like “and” and “or,” syntax errors, and the like. You know . . . mistakes. These mistakes are caught through a combination of automated checking, auditing, and self-reporting. In other words, the fewer than 3,000 incidents reported over the year in question involve the NSA’s own systems—and people—catching and correcting technical errors.

        Even the section entitled “Significant Incidents of Non-compliance” (pp. 11-13) does not detail anything like any intentional violation of the privacy rights of Americans. One incident involved the retention of FISA business records material longer than the permitted five years. Another involved an incident in which collection continued against an individual after indications had arisen suggesting he had a green card; this stopped when a senior linguist figured out that those indications had been received and not noticed.

        In other words, what this document shows is that among the billions and billions of communications the NSA interacts with every year, it has certain low rate of technical errors, many of them unavoidable, which it dutifully records and counts.

        As we used to say in grade school, big whoop. Or rather, it is a big whoop—just for the opposite reason than the Post’s story suggests.

        Report

      • Jaybird in reply to Creon Critic says:

        Here’s my favorite part of that blog post:

        The guidance here may reflect, to some degree, what was by some accounts a difficult adjustment for the NSA to having programmatic oversight from the Justice Department and the ODNI at a very granular level.

        But come on. It’s hardly a news flash that a secret, clandestine intelligence agency might resist giving out information about its operations when not legally required to do so.

        Awesome.Report

      • I don’t think I understood this. I understood, and agree with, this part of your comment, stopping Facebook getting new data less good than government requiring Facebook delete data. I didn’t get, “relying on a law being passed to scale back government access to [your data]” less good than what?

        … and I don’t understand what you’re saying here. My comment was as clear as granite. So let me just rewrite that comment:

        If Facebook turns around and misuses data that I give it. Let’s say, for instance, that they turn around and sell it to life insurance companies. And let’s say that even if I logged off and deleted my account, they could still take that data and sell it to auto insurance companies. And there’s nothing I can do about it. Well, that kinda sucks. But at least I can refrain from giving Facebook more data simply by no longer participating. That’s not nothing.

        Should I be able to require that Facebook delete the data? I could get on board with that (I’d need to think more about it), though my sense is that at that point, the cat would be out of the bag. It’s almost certainly in the hands of somebody else.

        Should we be able to prevent them from selling data to begin with? Well, I’m reluctant to really get on board with that, fully. Because Facebook needs to make money. The reason I expect less of free, adbased service is because of this. What expectations should I have, here? About the only expectation I can think of is that information they tell me is private, is private.

        And yeah, if they turn out to lie about that, I am on board being pretty harsh about that. That would include, of course, giving information to the government that I had no reasonable expectation that they would give to the government.Report

      • Will, I think where Creon (and myself really) am having trouble is that your assertion that having no recourse other than simply stopping use of a service is preferable to having a means of remedying it through tort or threat of criminal sanction on the service in question. Given the sheer scale of many of these services and their ability to control aspects of your social life due to their market share, I think it’s important to have something other than boycotts.

        I’m simply at a loss as to see what’s wrong with adding substantive penalties both for unauthorized access of your personal data by government personnel and for violations of privacy policies and sale to third parties.Report

      • Will, I think where Creon (and myself really) am having trouble is that your assertion that having no recourse other than simply stopping use of a service is preferable to having a means of remedying it through tort or threat of criminal sanction on the service in question.

        I don’t have a problem with there being recourse, when misbehavior occurs. If Facebook says “We won’t sell data to insurance companies” and they sell data to insurance companies or the government (without a subpoena), they should be held into account.

        Where I tend to get a bit hair-trigger is when Facebook is used as a reason to be less concerned about what the government is doing. That, because I am not worried about Facebook sending information to advertisers, I should not be worried about their sending information to the NSA. That I should be comparably concerned with both because both are “privacy.”Report

      • Kim in reply to Creon Critic says:

        Will,
        some information STEALING isn’t in the EULA.
        In fact, it’s topsekret business shit.

        You don’t want to know how much you’ve told Amazon about yourself…Report

      • James K in reply to Creon Critic says:

        Plus, Facebook can’t send people with guns after you.Report

    • Nob Akimoto in reply to Jaybird says:

      I’m a little disappointed with this reply because I think you and Will seem to have missed my broader point that you really can’t divorce the corporate from the state aspects of data collection. I guess I failed to communicate my point clearly.

      My broader point is that much of what enables government access to communications data is that it’s gathered by private companies to begin with. Further we have very little control over how that data is utilized. We have all sorts of things we’re not aware or at least minimally aware of others collecting on us, ranging from browsing habits to location check ins through GPS enabled phones. But all of that data is part of the trove that both state and corporations mine.

      If we use Jaybird’s rather specious and offensive analogy, we can say that the government is a guy watching hidden camera videos that the boyfriend has taken without the girlfriend’s consent or knowledge. At what point do we criminalize that behavior or at least severely restrict it? In this case it seems only right that the image rights belong solely to the woman and not to the person taking the video or pictures.Report

      • For the record, I didn’t have a problem with your post. I caught the point that you were intending to make and I think it’s valid. Even aside from the government, there is sharing among private entities that I do not want to occur (or to occur easily). Say, sharing my private Facebook posts with insurance companies to mine for potential risky behavior. Or a whole lot of things with credit agencies.

        At the same time, though, there is value in a lot of this information being kept. I don’t mind it being used for targeted advertising, for example. Even the GPS, letting people know where I go and where there might be a coffee shop I am interested in or something. And it’d be really need to have access to this information myself (I left my credit card somewhere, let me use the GPS on my phone to retrace my steps). I also think this data should be available to the government with a warrant.

        So on the accumulation of data, I am sympathetic to allowing it to be accumulated. The notion that if the data exists the government will necessarily get its hands on it and how could I ever expect any differently and I sacrificed my right for the government not to have the data when I agreed to let Google have it (an argument you are not advancing, but that I have seem advanced to varying degrees)… well I reject that. Or, if it’s true, then there is simply no way that I can trust the government to force companies to delete data so that the government itself cannot later access it.

        Maybe that’s too cynical of me. But if we could rely on the government not to do that, we could rely on the government not to do things like apply pressure to get companies to turn over the data in the first place. We could trust the government to institute, and enforce walls.

        And if we can get the government to do that, then I am not opposed to doing that. To rethinking privacy more generally, as you suggest. I am just a little hair-trigger, I guess, against the notion that I have the same to fear from private industry that I do from the government. (Or maybe I, as a white protestant guy without radical beliefs and for the most part in social circles without radical beliefs or vast criminal activity of the sort the government makes a point to target, have less to fear from the government – but that’s not reassuring.) That’s what it came across to me like Creon was saying.Report

      • Nob Akimoto in reply to Nob Akimoto says:

        Okay, I understand better what you’re getting at.

        Overall, again, I don’t think there’s much equivalence between how government and private entities collect and use information, clearly the government’s ability to cause harm is amplified by the fact that it has multiple avenues to do so.

        More narrowly, though, my emphasis on legislation is more centered on the difficulty we’re going to have revising the “Reasonable Expectation of Privacy” test. I doubt it’ll be revised in our lifetimes, and instead having legislative remedies that clearly define to what extent we can expect privacy to be safe guarded with data that’s associated with specific individuals will keep us safer, both from the government and from private entities.

        On your “cynicism”, I think it’s always easy to fall into the trap of considering government/states to be a monolithic entity. To the extent that there is competition between organizations it provides as much of a safeguard as anything else. Moreover, we have multiple governments competing across the world with these multinational companies. How likely would Google be to give up email stored by dissidents in China if they knew they’d face a massive fine or even criminal sanction in the US and EU when they did so? There’s wide-ranging deterrent effects to making clear sanctions that can be enforced to keep agencies and entities from wanting to use data to less than scrupulous ends.Report

      • Jaybird in reply to Nob Akimoto says:

        If we use Jaybird’s rather specious and offensive analogy, we can say that the government is a guy watching hidden camera videos that the boyfriend has taken without the girlfriend’s consent or knowledge

        Why not use the analogy of “private pictures taken of a girlfriend with her consent by her boyfriend”? Because that’s what the government is looking at without the girlfriend’s consent. “I was giving these pictures to *YOU*”, we can imagine her saying.

        And what’s the counterargument? “You should date a higher class of guy”? “You should have known better than to let him take such pictures”? “Seriously, that’s just asking for trouble”?Report

      • This may be impossible simplistic of me, but it seems to me that a good place to start would be disclosure. Basically, a checklist. I sign up for Yahoo’s new social network, and I am confronted with checklists.

        [x] Will use data for internal advertising purposes.
        [x] Will sell data to outside advertisers and data accumulators
        [_] Will voluntarily give or sell data to government without warrant.
        [x] Will turn over personal data to other commercial interests, such as credit rating agencies insurance companies

        None of this is perfect. For example, it would need to be stipulated that data turned over to outside advertisers will not then be sold to insurance companies. Or alternately, tighten the rains on what insurance companies can and cannot use in their formulas.

        The only problem is that my understanding is that we have done this with mortgages (explainer sheets) and I’ve been told that they haven’t really done any good.

        As an aside, another thing I would like acknowledged is that the government cannot simultaneously claim that (a) we have no right to privacy expectations when it comes to X but (b) the government goes apoplectic when it is revealed that the government is looking at X. If there is no expectation of privacy, I don’t see what grounds on which they should be keeping it a secret. This strikes me as so obvious that it feels like I must be missing something.Report

      • Nob Akimoto in reply to Nob Akimoto says:

        I’m really a bit uncomfortable going further with this analogy, but it’s the field we find ourselves on, so let’s continue.

        The question I’m trying to raise is: “Who does the picture belong to?”

        If the answer is simply “the boyfriend”, whether or not the girlfriend gave consent or intended consent to be only for the private eyes of the boyfriend becomes irrelevant. If the answer is “the conditions under which the girlfriend granted her right of publicity” then we get into the weeds of where the boyfriend can be sanctioned for sharing the photo without her consent.

        There’s actually a set of tort statutes starting to wind up on the books about online harassment on themes of this sort, but the recourse people can take is still quite limited. The question is: would an information safeguarding law help keep this sort of abuse away? Should it keep it away?

        Who owns the data about you? Is it you, or the person you gave the data to for safe-keeping? That determines entirely who the rules protect and why.Report

      • Jaybird in reply to Nob Akimoto says:

        The question I’m trying to raise is: “Who does the picture belong to?”

        I submit: if the chick says some variant of “this picture is just for you”, and then we find that not only has the government has been collecting cellphone pictures as part of its classified program to fight terrorism, but was (against the rules of the agency!) collecting these such pictures in a folder called “Stress Relief”, then an argument that focuses on exactly how reasonable the expectation that boob pictures not be distributed actually is is an argument that is focusing on the wrong thing.Report

      • I submit: if the chick says some variant of “this picture is just for you”, and then we find that not only has the government has been collecting cellphone pictures as part of its classified program to fight terrorism, but was (against the rules of the agency!) collecting these such pictures in a folder called “Stress Relief”, then an argument that focuses on exactly how reasonable the expectation that boob pictures not be distributed actually is is an argument that is focusing on the wrong thing.

        Now you’re just going off on a complete non-sequitor and dodging the question. It’s a bit low to conflate our analogy with a baseless hypothetical that’s only tangentially related to the discussion. I’m done with this discussion if this is the sort of cheap shot you want to focus on.Report

      • Jaybird in reply to Nob Akimoto says:

        Baseless hypothetical? You want to see if I can find examples of the government eavesdropping and listening to phone sex calls between deployed soldiers and their spouses back home? You want to see if I can find examples of these phone calls being passed around for giggles?

        Because this is something that actually happened. No hypothetical needed.

        The fundamental argument seems to be that “you shouldn’t be willing to give Facebook/Google so much information so therefore you shouldn’t be surprised when the government ends up with it.”

        If we’re going to be offended by anything, you’d think that we’d be offended by *THAT*.Report

      • It’s a baseless hypothetical in that we’re not talking about the same programs or even the same original issues. Warrantless eavesdropping/wiretapping is a separate issue from the NSA’s data collection/data mining. Part of the problem here is that people are consistently conflating various programs and mixing them into a single problem, when they’re separate problems with different solutions.

        Moreover, I don’t know if you’re intentionally being obtuse or just trying to get a rise out of me, but my point isn’t “you shouldn’t be surprised if the government takes data that you give to facebook”, but “you should have ownership of all the data that’s about you”. How fucking hard is that to understand?

        I know you have your whole “I hate anything involving government” shtick to go on, but enough is enough.Report

      • Let me make this abundantly clear, okay?

        I think your hypothetical is baseless because you’re bouncing around issues as they become convenient for you to keep doing a rhetorical dance about how eeeeeeevil government is and how blameless we should hold private entities of any sort.

        It’s also baseless because it’s a non-sequitor to the basic argument we were having Re: data ownership. The whole fucking point of the analogy YOU started was whether or not consent was a condition that needed to be taken into account when determining what you were allowed to do with data. We have things like licensing for images and publicity laws, software reproduction laws and the like. There’s something of a fundamental division between whether or not data can be owned or not, who can own the data, and how the chain of custody works in these cases. THE WHOLE POINT OF MY POST WAS TO STATE THAT THIS IS THE IMPORTANT DISCUSSION.

        Not that the NSA is blameless, or it’s your fault for giving information to facebook or whatever other fucking smear you want to try to impress onto my post.Report

      • Jaybird in reply to Nob Akimoto says:

        my point isn’t “you shouldn’t be surprised if the government takes data that you give to facebook”, but “you should have ownership of all the data that’s about you”. How fucking hard is that to understand?

        Perhaps defenses of the NSA aggregating data without warrants (and pointing out that the thousands of violations amount to little more than a “big whoop”) obscure some of the important points.

        Because it seems to me that your vitriol is directed toward corporations selling the data but not toward the government, never, not even for a second.

        And given what little data has been released and the nature of the new data being released, drip, drip, drip, it seems that an attitude that says “the government shouldn’t be trusted!” will have more footing tomorrow than “big whoop”.Report

      • If you think my vitriol is aimed merely at corporations, then you missed the entire point of my post.

        The whole point is that it’s difficult to find the nexus between private and public data collection, and that for the sake of maximal protection of privacy rights, we need to not just shackle government with new definitions of what we regard as socially and subjective expectations of privacy, but do so in a way that doesn’t require waiting for an entire new crop of judiciary officers like we did with phone wiretaps.

        As for the rest of your response, it’s a big whoop because the “thousands of violations” are as the IG report itself noted, either technical errors or other violations that aren’t there simply to maliciously violate the privacy of people, in a program that’s built on the basis of existing law. The problem is with the law and how we define privacy and data retention and expectations. That needs to change. My entire “vitriol” is based on the fact that our definitions are faulty and we need to fix that. That’s putting blame squarely on the shoulders of government, but you’re starting to make it clear you just don’t give a fuck about the substance of the debate and just want to play quibbling games about semantics so you can keep saying GOVERNMENT BAD.Report

      • Jaybird in reply to Nob Akimoto says:

        How’s this? “Are there laws covering this?”

        And if it turns out that there are, we could ask “have these laws been broken?’ (Perhaps even “has any court ruled this behavior to be unconstitutional?”)

        And, if it turns out that they have, we could say something other than “big whoop”.

        I mean, do we have evidence that Facebook has broken any law? Google?

        So far the only evidence we’ve seen presented is the evidence that the government agency has broken law (or that courts have found behaviors to be unconstitutional). Not hypothetical discussions over who owns what data… evidence of laws broken and court rulings.

        What was the response to that, again?Report

      • I mean, do we have evidence that Facebook has broken any law? Google?

        Part of the discussion is answering the question “what should the law be?” The Snowden disclosures can be used to pivot towards a larger discussion about how privacy is handled in multiple contexts and whether there’s room for strengthening protections in both public and private sectors.Report

      • How’s this? “Are there laws covering this?”

        Yes.

        And if it turns out that there are, we could ask “have these laws been broken?’ (Perhaps even “has any court ruled this behavior to be unconstitutional?”)

        So far all the reports have suggested that the laws haven’t been broken, so much as exploited. The violations that have occurred are mostly technical in nature, while the underlying legal rationale for the access of privately held data stores is rooted in constitutional rulings dating back to Smith v. Maryland

        And, if it turns out that they have, we could say something other than “big whoop”.

        The most egregious violations of actual law (like the NSA wiretapping violations) were dealt with largely through reforms within the agency in question. We know at least from the IG report that DOJ and ODNI have put in some strong (but opaque) safeguards to prevent the sort of abuses that happened during the Bush Administration.

        I mean, do we have evidence that Facebook has broken any law? Google?

        No, but the evidence suggests that the law here is faulty, not the government’s reaction to it.

        So far the only evidence we’ve seen presented is the evidence that the government agency has broken law (or that courts have found behaviors to be unconstitutional). Not hypothetical discussions over who owns what data… evidence of laws broken and court rulings.

        Again, we’re discussing different issues. The substantive violations of law were mostly dealt with by placing safeguards and oversight responsibilities onto NSA. So far as we can tell the statements by Snowden on how much capability he had to do illegal things isn’t matched by evidence that there was any action to that effect. The IG’s report has revealed a miniscule fraction of all queries had problems due to issues with technical issues, but no gross abuses of privacy, at least in practice. Then in that case our questions should be: A. are the oversight functions and reporting strong enough? B. do we want to change how privacy laws are defined to make it even harder for data to be accessed illegally, C. is increased transparency required on surveillance powers.

        On A. the jury is still out. The national security law experts seem to believe that the safeguards are strong enough, while others are pointing out that the capability exists to override those safeguards rather easily. The argument from the latter seems to boil down to “we need to take away the possibility of that capability existing at all” which to me strikes me as both ludicrous and trying to ungrow a tree from a garden ten years after it’s taken root. It’s not going to work.

        B. is the question I’m trying to grapple with here. I think the law as it stands is woefully inadequate and needs fixing. We need privacy protections for data and ownership of data that we don’t currently possess. The fact that data is becoming a commodity to be traded among firms and among governments makes it even more vital that individuals have access and ownership of their own identities and information. To me, it’s a fundamental self-ownership issue, and why I am pushing on this issue so strongly.

        On C. I think more transparency would be good, but not a panacea.Report

  2. Scott Fields says:

    Thank you, Nob, Creon Critic, Will Truman and Jaybird. Both the OP and the attendant comments have been the most cogent discussion of this topic I have read anywhere on the Intertubes.

    I wonder if I could get your collective take on an angle of this debate I’ve seen elsewhere, as this argument has influenced my stand on the NSA question and I don’t think I care for the implications.

    Using the example set by what the American people seem willing to accept (and maybe even to demand) regarding air travel in the wake of 911, I wonder what will happen to data privacy following the next successful attack, especially (as seems likely) press coverage then alleges that more intelligence information “might” have prevented the violence. (The press will ALWAYS suggest something MORE could have been done. I think that’s a given.)

    Granted that these claims will be made regardless, I find myself open to greater government collection of metadata that I consider somewhat benign, if that 1) diminishes the likelihood (even modestly) of another successful large scale attack and 2) decreases the size of the target of “what MORE could have been done” come the escalation.

    This seems like a reasonable trade-off to me, but I could be kidding myself. What do you all think?Report

    • Jaybird in reply to Scott Fields says:

      I’m a fan of asking “what has this stuff prevented?”

      If we could point to a major attack that had been prevented by these acts, I might soften.

      Now, I appreciate the fact that if we announced that 19 Arab Muslims had been arrested on September 10th, 2001, and they had planned to hijack four planes and fly them all into the WTC, the Pentagon, and a field in Pennsylvania, there would have been a reasonable counterargument that all we found were 19 dudes, a couple of copies of Microsoft Flight Simulator, and 30 dollars’ worth of box cutters.

      With that said, the plans that the government has admitted to foiling were less spectacular than, say, the Boston bombing. Insert sentence about Russia warning us about the brothers here.

      Given what measurables we have and what we know was *NOT* prevented… I don’t know that there’s much of an argument for having the system at all. Of course, stuff like the Boston bombing is given as evidence that we need stuff like this… but stuff like this isn’t being prevented by stuff like that.

      And that’s without getting into the Constitutional issues.Report

      • Scott Fields in reply to Jaybird says:

        If more people were fans of asking “what has this stuff prevented?” I wouldn’t be asking my question. That would entail deliberate cost/benefit analysis and, as far as I can tell, it just doesn’t work that way where security is concerned. Security is Emotional.

        From what I’ve seen, the reason I currently have to strip half-naked and get a little pat down whenever I fly is because on September 12th, 2001, many, many people in this country imagined themselves as passengers on one of those ill-fated airplanes or office workers in the South Tower of the WTC, then rallied behind the cries of “Never again!” Politicians responded to the calls to do Whatever It Takes to prevent something like this from every happening again and we got an out-of-control TSA, the Patriot Act and wars in Afghanistan and Iraq, etc.

        So, to my mind, the slippery slopes arguments are particularly useless. Recent history has taught that what we are more likely to see regarding liberty is hold your ground, hold your ground, (something bad), full-fledged surrender. I’d prefer to risk the slippery slope, if it meant delaying or diminishing the event that would trigger another round of major capitulation in the name of security. I prefer this because I think that approach leads to greater net liberty over the long haul.Report

  3. Kim says:

    Anyone want to bet there are “black files” around? Things that the NSA isn’t allowed to go look at?Report