A Quick Thought on Privacy

One of the most hotly debated policy topics in tech over the past year has revolved around digital privacy. The central question we are trying to answer is: how much privacy are we as Americans entitled to? I've always been a firm believer that in most debates the prudent or practical course of action is not usually found in any of the extreme positions people lobby for. I apply that logic to most policy debates because when taking an extreme stance you are suggesting that your position is absolute and your side of the debate has a monopoly on knowledge. An example would be the tax pledge Grover Norquist has been pushing for several years. I dislike taxes just as much as the next guy, but a politician cannot with a clear conscience commit to NEVER raising taxes while in office because they have no way of knowing what future events might unfold that require higher government revenue (WWIII).

I don't believe our government should have access to our personal data without our consent, nor do I believe that, with all of the people who want to harm our country and her citizens, we should be entitled to absolute privacy. It is a delicate balancing act, but one which is vital to the security and prosperity of our country in the modern world. I see much more downside risk to completely blocking the government out of our digital lives than there is upside potential in knowing that accessing that data is impossible. The ongoing debate between the US government and the Apples and Googles of the world is one of the most important of our generation, and both sides have to recognize that Google's desire to keep our data private and the government's desire to protect her citizens are equally valid.

One of the lines in the sand for me would be court orders.  If access to your data is court ordered then companies who are hosting it should be compelled to hand it over.  If the encryption protocols don't allow access at that point then we are not only undermining our judicial system but are endangering the lives of those around us.  Terrorists, pedophiles, drug lords, rapists and kidnappers will all have a wall to hide behind if we as a society aren't willing to come to some sort of understanding on this issue.  I would liken it to the police having a warrant to search a person's car because there is compelling evidence that there is a dead body in the trunk, and the auto-manufacturer creating a trunk that is inaccessible to the appropriate authorities.  

2 responses
There are two things you need to consider: 1) A court order is a pretty weak standard. But I'm going to assume you actually meant "warrant". Now which kind of warrant did you mean, the regular kind, or the FISA-collect-everything-on-everyone-at-all-times "warrant"? Again, I'm going to assume you meant the regular kind. But even in that case, the tech-illiterate judges are quite easily tricked into giving NSA access to the "SSL key", like in Lavabit's case - which meant giving access not just to ONE account but to ALL? Then we have the Stingrays, and there are many cases reported by ACLU in which the judges actually don't really know the police are using such devices to collect all calls and messages from THOUSANDS of people at once PER DEVICE. (they have many throughout the country). All of this doesn't seem to be compatible with the 4th amendment and the Constitutional right of privacy, does it? 2) Speaking of the 4th amendment, I actually completely disagree with having the companies give YOUR data away to law enforcement. That to me seems like a bypass of the 4th and 5th amendments. Even if people host data on other computers, that doesn't mean they expect the data to be any less "theirs". And even if a service doesn't use any kind of encryption, and if an email is basically as "secure" as a postcard when it comes to NSA or other malicious attackers, people still have an expectation of privacy for their data and communications. Because people have an expectation of privacy and the data being THEIRS, even if they put it for safe-keeping in some other place, then really, law enforcement should be coming to THEM for the data - not to the companies! In my opinion asking tech companies or carriers for our data is nothing more than an end-run on the 4th and 5th amendments and should be declared unconstitutional.
To your first point, I agree that there has been an abundance of abuses in the implementation of certain surveillance programs, which deserve the public’s full attention and remedy. Those abuses need to be addressed but should not preclude our government from conducting sound programs to protect our national security. Certainly you’re not suggesting that because some judges are “easily tricked” or that there are other bad actors in the chain of command that we should discount the work of the well-intentioned people who have dedicated their careers to protecting our country? To your second point, the 4th Amendment protects citizens against "unreasonable searches and seizures." I agree that, when possible, law enforcement should request access to a person's data from the individual, not tech companies/carriers. Obviously the nature of well-intentioned government surveillance can sometimes make that impossible, in which case companies who enjoy all the protections of being domiciled in the United States should be compelled to help their government stem illegal activity. If not, what responsibilities do those companies have to their government, if any? As for the 5th Amendment and due process, as long as the government follows “fair procedures” the collection of a suspected criminal’s data should be considered reasonable. That is not to say that I agree with the black-veiled nature of FISA Court, but if the practices of that process are deemed to follow fair procedures then I would be inclined to support those court orders.