New Year (2014) Rumination: Death of privacy as we know it? Or inflection point signaling better things to come?

By Mary Ludloff

I am, and always have been, a glass half-full kind of gal. In fact, way back in September 2011 when Terence and I published our book on Privacy and Big Data, I was far more optimistic than he was on the future of privacy—of course, it’s easy to sound optimistic when your co-author states that privacy is dead. (And yes, we are still working on our book update but we do have day jobs and a significant release in the works so it is slow going but going it is.)

At that time, those in the “digital privacy know” characterized our book as a decent overview. Our intent at the time was to help those NOT in the “digital privacy know” get their arms around the privacy issues from a legislative, corporate, and government perspective. To our surprise, those not in the know included lots of folks in the high tech community! We did a number of interviews and dealt with informed and somewhat uninformed media folk—those in the mainstream focused on social media and those on the fringes (left and right) wanted to do deep dives into legal issues, government uses of data, and fourth amendment rights. Some seemed to think that we were members of the tin foil hat brigade, others that we were naïve, and still others that we were on point.

Fast forward to the summer of 2013 when Edward Snowden revealed, via the release of a slew of top secret documents, the vast data collection apparatus the NSA has put in place to collect and mine the personal data of citizens around the world. As the year wound down, more revelations piled on:

• The NSA has been collecting “hundreds of millions of contact lists” from email and IM accounts worldwide.
• Over the years, the NSA’s data collection program has had “serious compliance problems and frequent failures to comply with court orders.”
• The NSA “infiltrated links to Yahoo, Google data centers worldwide.”
• British intelligence officials provided the NSA with UK citizens’ internet and email records.
• The NSA is using fiber-optic networks to grab data that is in transit between data centers.

Throughout this period, we were all treated to a constant drumbeat from this administration: The NSA was not listening on our phone calls or reading our emails. Thus, no spying occurred. I suspect that all of us (media included) are far too sophisticated 6 months post-revelation to buy this argument. But perhaps, like Terence and I, you wonder why this administration continues to think we are cognitively challenged. (For a refresher course on this argument and a few others, see this post—it includes some great resources too.)

Under the weight of Snowden’s revelations and media’s continuous reporting on all things related to the NSA, spying in general and in specific, the myriad uses of our data by government agencies and others, the lack of judicial and legislative oversight, the potential threat to the concept of a free and open Internet, deep dives into  4^th admendment rights issues, etc., the NSA engaged with 60 Minutes in what can only be described as an “friendly infomercial for the agency.” In its defense, 60 Minutes argued that this was the first conversation that the NSA agreed to and that its purpose was to get the NSA’s side of the story as, up until that point, the NSA’s side had not been represented. Perhaps you noted (like us) that just a few weeks after the interview aired, John Miller, the 60 Minutes correspondent, had a new role as one of the New York Police Department’s cop counterterrorism officials. But the best part of this whole scenario would be Miller’s characterization of both positions:

“The work of intelligence officers and reporters is extraordinarily similar,” he said. “You become a briefer. You tell your boss, here’s the bottom line. Here are the potential responses. That’s kind of what you all do.”

I could say lots of things about this puff piece of a 60 Minutes interview (and did as I watched it in real-time) but will simply ask this question: When will this administration have an honest conversation with its citizens about privacy versus security? Instead, details about the program continue to be shrouded in secrecy due to the state secret defense:

“The state secrets privilege, outlined by the Supreme Court in a 1953 case, originally permitted the government to derail a lawsuit that might otherwise lead to the disclosure of military secrets. It has since turned into a potent weapon the Bush and Obama administrations have used to target any lawsuits alleging illegal NSA surveillance.”

It’s clear that the Obama administration will continue down the path of security over any attempt to understand exactly what the NSA and other agencies are collecting and just how closely all of us are being digitally surveilled. In fact, the Justice Department continues to block discovery in NSA lawsuits arguing that:

“Even if the mere collection of information about Plaintiffs’ communications constitutes a Fourth Amendment search…conclusively resolving the reasonableness of that search ultimately could risk or require disclosure of exceptionally sensitive and classified intelligence information regarding the nature and scope of the international terrorist threat to the United States, and the role that the NSA’s intelligence-gathering activities have played in meeting that threat.”

Edward Snowden, on the other hand, has shown us via numerous releases of classified documents the breadth and depth of what the NSA and other intelligence agencies are doing and it is staggering.  So as we enter 2014, I am left with these questions:

• Who can I trust with my data and how will those companies (Google, Microsoft, Facebook, Twitter and a host of others) protect it from snooping by government agencies and others?
• What does the Fourth Amendment mean in the digital age with regards to the collection and use of the data we all generate via our digital devices?
• When dealing with issues of national security, how can one ensure that there are checks and balances in place to prevent overreach? And what happens when those checks and balances are ignored or better yet, gamed?
• As a citizen, what can I do to make my voice and opinion heard?
• As a company, what can PatternBuilders do to ensure our customers’ data is protected?

While the judicial courts continue to weigh in, it appears that there is no clear decision as to whether the NSA’s record collection program is unconstitutional.  And while I have many questions, one thing is clear: If we continue down the road we are on without legislative and judicial changes, privacy will be dead as we know it.