Privacy is about Policy

Discussion of privacy really ought to be focused on the legal regime, not technical capabilities.

The discussion thread on James Joyner’s post on the drug war and phone records reminds me of a simple point that seems to get lost in discussions about privacy: privacy is as much about policy as it is about technical capabilities.

Specifically:  it is often argued that the nature of electronic communication means that it can be easily accessed by third parties.  The IT guy at your place of work can read your e-mails, for example.  And, indeed, there are lots of third party participants who could, if they so choose, have access to that e-mail.  Such facts may make one cautious about what kinds of information one sends.

This is, however, not as new a phenomenon as it is being made out to be.  Since the creation of physical mail it has been the case that if I write a letter to a friend and place it in the hands of my local postman that said letter will travel through the hands of any number of third parties who could, with great ease, read that letter.

What prevents them from so doing?  The answer is a combination of social norms and the law.  In short:  it is public policy that the mail cannot be tampered with.  Somehow we have managed to send pieces of paper, often with rather sensitive information upon them (SSNs, bank account numbers, amongst other things), with only thin pieces of paper enshrouding them as a means of keeping prying eyes out, and yet maintained a basic expectation of privacy.  And if the government, having cause, needs to acquire those pieces of paper, they have to go to the courts to get them.

There is no reason why we can’t have a similar set of legal expectations for electronic interchanges.  Just because it is easier to put electronic communication into a database shouldn’t mean that it is legally easier for the government to access my information.

It is true that the only way to keep something totally private is to not share it with anyone.  One cannot, however, live life that way.  Privacy, at least in the conversation we are having about things like the NSA and so forth, is wholly about policy and what we allow the government to do and what we forbid them to do.  I think that simply saying that e-mail is easy to access and therefore it should be treated like a public conversation is problematic, because there is nothing stopping Congress from passing laws that reinforce basic privacy expectations of citizens engaged in everyday communication.

To sum up:  yes, if I send an e-mail it passes through any number of systems that can be accessed by third party actors.  This is true, however, of snail mail as well.  If we can create a legal regime that protects basic privacy of snail mail, we can for electronic communication as well.  It really is about the policy and not the capability.

Steven L. Taylor
About Steven L. Taylor
Steven L. Taylor is a Professor of Political Science and a College of Arts and Sciences Dean. His main areas of expertise include parties, elections, and the institutional design of democracies. His most recent book is the co-authored A Different Democracy: American Government in a 31-Country Perspective. He earned his Ph.D. from the University of Texas and his BA from the University of California, Irvine. He has been blogging since 2003 (originally at the now defunct Poliblog).

Comments

  1. Caj says:

    The NSA outrage is a load of hocus pocus! Nothing is private anymore. It seems that some have lost their minds over it. You choose to put out private information and let the whole world know your every move! What you did, what you said and where you’ve been. All a bunch of overhyped nonsense as regards the NSA.

  2. Eric Florack says:

    Of course the problem here is that ignoring the technical capabilities makes the policy nigh on useless, and completely disconnected from reality.

    And as for the usefulness of the law, consider the now defunct Communications Act of 1933, which in part was often read to say that it was illegal to tell your wife what your mother-in-law just said on the phone. One could logically wonder what would be our discussion if this law was still in force.

    I suppose that the government can change the law wherever it becomes an impediment to its goals…particularly when such laws are created… and re-written… by unelected bureaucrats, as was the comms act of 33.

  3. mantis says:

    There is no reason why we can’t have a similar set of legal expectations for electronic interchanges.

    Not true, there are in fact many reasons. First, the analogy of physical mail is misused here, I think. Email is more the equivalent of a postcard, if anything in the physical mail. While yes, we have a legal and reasonable expectation that sealed mail is private. Someone has to open it for it not to be. But with postcards, the message is plain to see from anyone who looks. Can you expect privacy with a postcard?

    Email is not an encrypted medium. It is inherently unsecure. There are many ways to exchange information electronically that are secure, and I would agree that the government has no business hacking encryption and accessing such information.

    yes, if I send an e-mail it passes through any number of systems that can be accessed by third party actors.

    It’s not that it “can be accessed.” It must be accessed by third party actors, repeatedly. Those networks and servers it passes through are third party actors.

    We can build an absurd policy framework that prevents the government, and possibly others, from accessing what is transmitted right out in the open, even though everyone else can, or we can realize that people do not have a reasonable expectation of privacy everywhere, all the time. Just because you want email to be secure doesn’t mean it can be.

  4. James Joyner says:

    @Caj: You’ve responded to a detailed argument against this very position with a restatement of the position. This does not advance the debate.

  5. @mantis:

    It’s not that it “can be accessed.” It must be accessed by third party actors, repeatedly. Those networks and servers it passes through are third party actors.

    Just because it passes through those servers does not mean that it has to be opened and read by those third party actors any more than the postman ought be opening my letters to read them.

    We are using the word “access” differently.

    Again: the issue is not how easy it might be to obtain information about me, it is a question of what rules are constructed about who can see that information for official purposes and under what circumstances they can do so.

  6. James Joyner says:

    @mantis: The postcard analogy is unpersuasive. If I leave a postcard on the counter, it’s there for anyone to read. Unless someone is logged into my account or that of the other party, there’s no similarly easy way to read my message.

    Mail isn’t encrypted, either. It’s simply wrapped in a piece of paper.

    Third party servers don’t “access” my email, they retransmit it. That’s fundamentally different. Nobody at Google has to read my messages to get them to the recipient. Indeed, I’m rather confident that they don’t in fact read my messages, just given the sheer volume.

  7. Davebo says:

    @James Joyner:

    Unless someone is logged into my account or that of the other party, there’s no similarly easy way to read my message.

    You’re kidding yourself James. A 15 year old could do it.

  8. @Davebo: And a ten year-old (or younger) can take a letter out of my mailbox and open it (far easier than they could hack into my e-mail account). And yet, that’s not legal and we don’t let such activities lead to documents being used in court.

  9. Again: the issue is not ease of access. It is easy to access paper. The issue is what legal regime is in place about the communications in question regardless of the medium.

  10. JohnMcC says:

    The content of emails doesn’t seem to me to be the issue here, unless I am sadly behind in my reading (which is not impossible at all!) The databases that are controversial are lists of contacts, yes? The NSA is accused of keeping records (or causing the ISPs involved to keep records) of whom we emailed and whom we called.

    This is completely legal (as I understand it) with paper mail. I can’t cite cases — don’t have that much curiosity — but would be astonished if it is not routine investigative work to keep lists of addresses (and the dates, frequency, etc) of incoming and outgoing snail-mail from/to persons of interest.

    Or is it the contention of civil libertarians that electronic communication should — as policy — have more privacy than snail mail?

  11. C. Clavin says:

    Technology created the problem of easy access…only technology can solve it.
    Back in the day mail would be sealed with wax and a custom stamp and be hand delivered and handed to you personally and thus be rendered “inaccessible”.
    Throughout its evolution physical characteristics have had as much to do with mail’s inaccessibility as anything else. Right up to sealed and insured Fed-Ex packages.
    Technology will need to evolve…especially when and if the public demands it.
    So there’s your multi-billion billion dollar software idea….back in the day only the rich and powerful had the privilege of private communication. Figure it out and get Vanderbilt rich.
    Of course giving me a cut would be the right thing to do.

  12. mantis says:

    @Steven L. Taylor:

    The issue is what legal regime is in place about the communications in question regardless of the medium.

    And my question is how can you possibly have a legal regime with no regard to the various media in use? How do you write a law that doesn’t take the technology into account? The analogies to physical mail are really inapt, because these are fundamentally different forms of communication. What a network does with data is just different from what the Post Office does. Data are different from physical objects.

    I’m not saying there’s no privacy on the internet. I’m saying much of it is inherently not secure and can not be considered private because of that. Privacy in electronic communication, like all other privacy, is something you have to seek out, and recognize it when you see it. Email is not private. Be careful with email. Do not send your passwords by email.

  13. Mikey says:

    @Steven L. Taylor:

    The issue is what legal regime is in place about the communications in question regardless of the medium.

    This is a good and valid point, but the sad truth is when it comes to things like the “war on terror” or “war on drugs,” the necessary policies will never be enacted.

  14. @mantis:

    And my question is how can you possibly have a legal regime with no regard to the various media in use?

    I never suggested that we could or should.

  15. Spartacus says:

    @JohnMcC:

    Or is it the contention of civil libertarians that electronic communication should — as policy — have more privacy than snail mail?

    That’s a good and fair question, and I think the short answer is “no.”

    Much of the consternation comes from the fact that when we mail letters through the USPS we necessarily give information about the sender and recipient to the government, but that is not the case when we send other communications because the government doesn’t provide phone, email or texting services. Many of us do not think the government should be able to force a private sector third-party entity to turn over records about our use of that third-party’s services without first getting a warrant based on a reasonable suspicion that those records contain evidence of a crime.

  16. ratufa says:

    Let’s make this simpler: You have an account with an e-mail provider, such as gmail. You make an SSL-protected connection to one of the gmail front-ends and send mail to your buddy’s gmail address. Your traffic to the server is encrypted. Your unencrypted message is only passing through your provider’s internal network (if you think this matters, pretend the provider is using IPsec everywhere). Your buddy reads your mail via an SSL-protected connection.

    The question is what sort of legal protections should there be against the government asking your provider to see the mail you just sent? Assume that you haven’t already agreed to the government seeing your mail when accepting the provider’s terms of service.

  17. Spartacus says:

    @mantis:

    And my question is how can you possibly have a legal regime with no regard to the various media in use? How do you write a law that doesn’t take the technology into account?

    There is nothing at all new about prohibiting the government from reading people’s electronic communications without a warrant. It is already illegal for the government to do this without a warrant and, to our knowledge, no part of the federal government or any state or local government does this except the NSA.

    It would not require any new considerations about technology; it only requires eliminating the NSA’s exemption from the requirement to get a warrant.

  18. Ben says:

    @Davebo:

    @James Joyner:

    Unless someone is logged into my account or that of the other party, there’s no similarly easy way to read my message.

    You’re kidding yourself James. A 15 year old could do it.

    Only if said 15-year-old is on your local LAN, has been able to infect your PC with a keylogger or some other malware, or if he can access one of the ISP’s servers or switches. Otherwise, I’d like you to explain to me exactly how you would read the plain-text email I send my mom, if I were to give you both of our emails. SMTP is unencrypted, that’s true. But it is unicast, which means you can’t just listen for broadcasts. You would need to spoof the address, which is much harder to do on the Internet than on a local network.

  19. Matt Bernius says:

    Agreed with everything written above. However, it is important to note how norms are typically fashioned by understandings of *human* capabilities. And those are the norms that need to be constantly revisited in the wake of technological changes that up-end our understanding of what is possible.

    Surveillance is one of those areas where these changes are especially pertinent as technology has fundamentally extended possibilities far beyond the “human” — hence the need for ruling on whether or not a GPS device can be secretly added to a car to enable tracking without a warrant.

  20. Todd says:

    I’m going to go off on a slightly different track here, in regards to privacy …

    Could the reason that so many otherwise law-abiding citizens are so worried about privacy be that there are just too many laws?

    On one level, I’m personally not terribly worried that the government can (if they wanted to) probably know about pretty much everything I do … especially online.

    Except for one little thing …

    Without even realizing it, I almost certainly violate several laws on a weekly, if not daily basis.

    That’s why I need privacy; to protect me from being caught breaking laws I don’t even know about.

    Without trying to start a heated debate on the purpose of the bill of rights, I would contend that as a society, we are not served by the concept of privacy being used to protect those who are knowingly breaking the law.

    The debate about things like red-light cameras and “speed traps” is one of my favorite examples. Many Libertarians (of which I consider myself one on some issues) will argue that the government shouldn’t have the ability to monitor our driving. That we have a “right” to speed and/or run a red light, as long as we don’t get caught. Why? If we as a society have determined that we don’t want people driving at excessive speeds, shouldn’t it be extremely easy to catch people violating that law? And if we don’t think it’s necessary, get rid of the law, don’t make it harder for people who are breaking it to be caught.

    p.s. I realize this is almost certainly unrealistic, as in any society, even if we severely limit our laws, there will still be some that I (and others) don’t agree with, and would probably see no harm in breaking.

    p.p.s. Privacy is an illusion anyway, and technology will only make that more of a fact in the future. Which brings me back to my original argument: we need fewer laws.

  21. Barry says:

    @Steven L. Taylor: “Again: the issue is not ease of access. It is easy to access paper. The issue is what legal regime is in place about the communications in question regardless of the medium.”

    Agreed, and people seem to be unable to see this. Particularly when it comes to governmental action, which is restricted by the Constitution.

  22. C. Clavin says:

    It’s not easy to access paper.
    It’s sealed. It’s dispersed. It can’t be analyzed the same way.
    You could never search 100,000 letters for keywords or patterns the way you can 100,000 cyber-documents. Now consider a gazillion. Not being able to do something is the opposite of easy.
    If nothing else the cost-benefit is upside down with paper.

    By the time a legal regime, even if effective, is put into place the technology would be beyond it.

    How long has this been going on? How many examples of abuse can you list?

    I’m an advocate for smart Government. But this is a job for the invisible technological hand. But with the public giving away their info freely to anyone and everyone who wants it…hard to see the demand.

  23. TastyBits says:

    @Steven L. Taylor:

    I agree with you about privacy, and I would go much further. Unfortunately, most people’s stance is that privacy rights are only important to criminals, and there is no harm. While there will be collateral damage from mistakes of names or address, this is to be expected. It will be minimized as much as possible, but crime must be stopped.

    The fact that most of the people who advocate this view will never be affected by it makes their acceptance more understandable. People who live in the “right” type of neighborhoods can be certain that their name and address will be checked, double checked, and triple checked.

    The safety and security of those at the upper end of the economic and power ladders trumps the rights of those at the lower end. While this is unfair, people at the bottom are used to being screwed so their “betters” can prosper.

  24. Matt Bernius says:

    @Todd:
    I think you really nail it in this comment. The question of whom the eye of technological surveillance is trained upon is huge. As is the philosophical question of what law do we choose to enforce.

    It’s also important to note that enforcement of laws is almost always selective — even when technology is involved. So beyond *what* laws, we must also ask the question of *who*, *where*, *when*, and *why* are they enforced.

  25. john personna says:

    The history is that system administrators, some private, some public, some amateur, COULD AND DID read random people’s emails … to shepherd delivery and to manage active accounts.

    You simply do not know history if you claim internet (as opposed to Blackberry!) email ever had real privacy.

    Only recently have secure transports and connections entered the picture.

    Now going forward we can make any privacy rules we like. We do not need to disbelieve history to make new rules happen. Indeed our new rules might be better with an understanding of protocols and their evolution.

  26. I think that there are at least two usages of the word “privacy” in this thread. Clearly anything we do outside of our own skulls has the potential to be shared in ways we don’t want. There is no way to guarantee total privacy of information and we should be cautious about things we share in e-mails, etc.

    However, I am using “privacy” in a policy sense not in an “it is impossible some one can see my business” sense. Another way to look at it: I am using privacy here in a 4th amendment sense-that is, when, how, and why the government can access this information.

  27. @C. Clavin:

    It’s not easy to access paper.
    It’s sealed. It’s dispersed. It can’t be analyzed the same way.
    You could never search 100,000 letters for keywords or patterns the way you can 100,000 cyber-documents. Now consider a gazillion. Not being able to do something is the opposite of easy.

    That is a different issue-you are leaping from accessing a data point to searching compiled data. And, of course, an electronic database is easier to search than a pile of paper. But that’s not what I am discussing here.

    The ability to slit open an envelope and read the contents of said letter is pretty darn easy. And we have laws that preclude doing that and that would influence the ability of the government to use information gleaned from such an action in court.

  28. Ben says:

    @john personna:

    The history is that system administrators, some private, some public, some amateur, COULD AND DID read random people’s emails … to shepherd delivery and to manage active accounts.

    You simply do not know history if you claim internet (as opposed to Blackberry!) email ever had real privacy.

    Only recently have secure transports and connections entered the picture.

    In the seminal days of the 80s, before there were ISPs in any real sense, yes, you are correct. However, ever since modern ISPs as we know them came into existence in the mid 90s, an email from me to my mother goes from my PC, through 2 or 3 routers, hits my ISP’s SMTP server, then hits 4 or 5 backbone routers then my mother’s ISP’s SMTP server, then 2 more routers and down to her house. Most ISPs do not have a mechanism for their employees to read emails on the SMTP server, and most ISP routers do not do any packet inspection whatsoever, they simply look at the IP header to see where it’s coming from and where it’s going. The chances of a random person being able to intercept an email and read it from the time it enters your ISP’s network to the time it leaves the recipient’s ISP network is almost nil. On your LAN is the only place it’s gonna happen.

  29. john personna says:

    @Ben:

    The law, and the post card metaphor comes out of those early days, which you acknowledge.

    What you have overlaid on that is 1001 individual privacy agreements between various parties, and no end-to-end user guarantee. There cannot be. There is no overarching provider of “internet mail” to make that end-to-end guarantee.

  30. john personna says:

    (I think what James might illustrate above is a sort of toothless customer expectation of privacy. And for that, the news of the last few months should be a real wake-up call. Perhaps end users were misled, or allowed to assume that their privacy agreement with their first-link provider was actually an end-to-end agreement.

    That is not actually true.

    If you want privacy, you need to draft it from scratch, and design it as an end-to-end guarantee.)

  31. Gustopher says:

    @Caj:

    The NSA outrage is a load of hocus pocus! Nothing is private anymore. It seems that some have lost their minds over it. You choose to put out private information and let the whole world know your every move! What you did, what you said and where you’ve been. All a bunch of overhyped nonsense as regards the NSA.

    I suspect the NSA and other government agencies are very annoyed that they also don’t have privacy.

  32. Gustopher says:

    @James Joyner:

    Third party servers don’t “access” my email, they retransmit it. That’s fundamentally different. Nobody at Google has to read my messages to get them to the recipient. Indeed, I’m rather confident that they don’t in fact read my messages, just given the sheer volume.

    The ads on gmail are based on the content of your emails. A very simplistic, mechanical processing of the content, to be sure, but they definitely access the content and use that.

    And, several years ago, I recall reports where one of their employees was caught and fired (I hope) for accessing a 14 year old girl’s email. I sort of hope I have the details of that wrong.

    So, I’d put my expectations at somewhere between untouched content and the CEO reading your emails for his own amusement.

  33. C. Clavin says:

    The ability to slit open an envelope and read the contents of said letter is pretty darn easy

    First you have to somehow know the letter exists….that bad guy A that you know nothing about, has sent bad guy B that you know nothing about, a letter…then you have to physically go find it. Then you get to open it. How is that easy?
    Seriously…if it was simply a matter of ripping open a letter no social norms or legal regimes would stop it. Cheney outed a covert spy and instituted a program of torture. But he wouldn’t open a letter??? Right.

  34. @C. Clavin:

    Cheney outed a covert spy and instituted a program of torture. But he wouldn’t open a letter??? Right.

    By that logic we shouldn’t bother with any rule because, after all, someone might behave badly and not follow them.

  35. C. Clavin says:

    No…that’s Jenos level stupid.
    Back in the day only the privileged had secure communications. The physical nature of snail mail, as it has evolved over time, brings with it a certain amount of basic protection for everyone.
    Same thing today…if you have the money you can have secure electronic communications. Technology is going to have to evolve its own protection for the masses. In my opinion the burden rests in the technology itself.

    The Internet is what….3 decades old? Internet use has grown 100 times in the last decade alone. The iPhone is what…6 or 7 years old? None of us knows what communications technology will look like by the time Republicans can agree on a law to pass that will cover dial-up modems.

  36. C. Clavin says:

    By the way…I think yours is a smart, and fascinating, take on the topic.
    Getting caught up in fever dreams about black helicopters is unproductive.
    And I’ll concede it’s probably not going to be an either/or solution…it never is…the world always works best with both/and solutions.
    But with news of password hacking software that can process 8 million guesses a second…I’m not counting on Mitch McConnell to protect me. Republicans can’t even protect me from Obamacare (snark).

  37. @C. Clavin:

    By the way…I think yours is a smart, and fascinating, take on the topic.

    Thanks.

    Getting caught up in fever dreams about black helicopters is unproductive.

    Fret not–that is not where I am at on this.

  38. michael reynolds says:

    I haven’t been much interested in the technology aspect of this. I don’t think that’s why privacy is dead. I think privacy is dead because we don’t really care about it, we only pretend to.

    I could sit here and type the names of 100 corporations that each of us has surrendered his privacy to. We do it again and again, over and over. We don’t even think about it. We surrender our privacy because it makes life easier. To do otherwise would be really hard.

    The first time we do it we’re nervous. Not so sure, better read that privacy policy, better do some chin-stroking, some frowning, a bit of harrumphing. . . and then surrender. Later though we go straight to the surrendering. Eventually we stop thinking about it all.

    Until! Until we learn that the government is one of the 100 or so entities that know way too much about us. This casts a new light on things. Because the government doesn’t want our data just so they can deliver shoes and porn and news in the most efficient way possible. No, the government wants that data so they can stop terrorists. And in the weird, un-self-aware lives most people lead, this seems nefarious.

    I mean, hey, so Google knows exactly what your favorite sexual kinks are, in what order, and what time of day you start gettin’ dirty, and exactly how long it takes you to get off, but the NSA knowing you made a call to Yemen, now that’s an outrage!

    But never fear, because we have no intention of doing anything about it. Not really. We’re a little surprised (the naive among us) to learn that there is a 101st privacy invader when we were only expecting 100, but there’s not really much heat behind all this “outrage.” Because we know damned well that we’ve long since stopped caring and all this is just for show.

    It’s a “shocked, shocked!” moment. My God, who knew the NSA was listening to phone calls!?! (Um. . . everyone?) So in deference to our need to pretend to do something we’ll pass some rules that will have almost no effect and will be quietly set aside next year. But we’ll all have had a nice few weeks of outrage.

  39. @michael reynolds: It is less a question whether it matters to me that the NSA knows I called Yemen. What concerns me, and it is a broad concern, is that we have seen the government make any number of errors in its attempts to target “bad guys” (no knock drug warrants come to mind, let alone some of the abuses in the name of fighting terrorism). I would like to limit such errors as much as is possible. This is not because I think I am likely a target of such errors, but because democratic governments ought to make as few such errors as possible.

  40. Just 'nutha' ig'rant cracker says:

    Maybe someone else has already said this, but one of the distinctions, at least in my view, between the mail and email is a shift in philosophy that goes with the second medium. In postal mail, there was an overt acknowledgement at some point that the trustees of such documents would be responsible to preserve their privacy. That acknowledgement probably predates legislation regarding postal privacy. In the case of internet service, the privacy agreements have read “we will preserve your privacy–except as violating it will make us a buck or cultivate our own fiduciary interests” for about as long as I can remember.

    The absence of a preexisting social contract seems to be the biggest problem here. Why does Congress need to protect a concept that can’t be shown to have ever existed within a particular medium?

  41. @michael reynolds: Put another way: one of the key purposes of the Bill of Rights, especially 4-8, is to make it hard for the government to declare someone a criminal. I think that this should be hard and I don’t want the War on Terror to be an excuse to make it easier because we are all scared. We have already seen the War on Terror make it easier. We are all more likely to be abused by our own government due to misapplication of anti-drug policies than we are to be the victims of terrorism (and yes, the probabilities are small in both cases). Still, this is a troubling fact that needs to be reversed, not deepened.

  42. Eric Florack says:

    what is the difference between opening an email and opening a letter?
    if the letter gets opened in transit, you know by way of broken seal that its security, however slight, has been breached.
    you also have a fair idea who is responsible for said breach.

  43. michael reynolds says:

    @Steven L. Taylor:

    Yeah, but you’re talking about actions subsequent to data collection, or invasion of privacy. There’s the data, and then there’s what’s done with it.

    From the start of l’affaire Snowden I’ve suggested people differentiate between the two. The one is relatively harmless. But acting upon it in ways that violate due process can obviously be very harmful. So to me this is less a question of privacy than of due process. Privacy is the red herring (maybe not totally red, more of a pink) while SWAT raids, black-listing, etc… is the real potential problem. And while I am absolutely sure there have been and will be abuses, due process did not suddenly disappear, and if we want to strengthen it further that’s relatively easily handled.

  44. @michael reynolds: Yes, but the two are linked. Intel leads to action and the more confident the government is that it has good information it will be more prone to act. No-knock raids, for example, are perpetrated by confident law enforcement officials.

  45. TastyBits says:

    @michael reynolds:

    You have little to fear from your country, but not all of your countrymen can afford the luxury of being able to trust their government. In the unlikely event that your name or address comes up, your government will ensure that they have the correct person. If you are arrested, you will be addressed as “sir”, and there is little chance that a toilet plunger will be shoved up your ass. If you pull out your wallet, the police will politely wait for you to get your ID, and there is little chance that you will be shot because your wallet is mistaken for a gun.

    For most Americans, there is no “slippery slope”.

    Most Americans will not have their land taken and forced to move, unless they are the native type. Most Americans will not have a Supreme Court ruling that states they are second class citizens, unless they are the wrong color. Most Americans will never be rounded up and interned, unless they do not look like most Americans. Most Americans will not have secret medical experiments done on them, unless they are being treated in Tuskegee. Most Americans will never be deemed a rabble rouser and have an FBI file, unless they preach that all Americans should be a first class citizen. Most Americans will never have their houses of worship infiltrated, unless they worship at a mosque.

    Most Americans have nothing to fear from the government monitoring their communications, unless they are a minority, poor, or powerless. The safety and security of most Americans trumps the rights of those at the lower end of the ladder. It sucks, but folks towards the bottom know they are going to be f*cked for the benefit of their betters.

    “Membership has its privileges.”

  46. michael reynolds says:

    @Steven L. Taylor:

    So forbid the rapid use of this intel except in emergent terror-related cases, limit its use in any event to terror cases, and apply reasonable safeguards. The choke point is there, at the place where intel becomes action. Much easier to control a relatively small number of actions as opposed to limiting data collection in such a way that we only spy on the guilty.

    By the way, a counter-argument could be made that better intel would cause fewer mistaken door-kicking incidents. We don’t have so many spare door-kickers that we want them chasing false leads, right? In cases of SWATing (malicious people setting up the cops and their innocent victims) wouldn’t we wish the cops had better intel? (Not my favorite argument since I’m skeptical of law enforcement’s ability to analyze this flood of data to begin with. I’m just throwing it out there because, well, there it is.)

  47. Grumpy Realist says:

    @Eric Florack: What about an encrypted email?
    (learn obscure languages guys, best code of them all.)

  48. michael reynolds says:

    @TastyBits:

    Pretty sure the Tuskegee medical atrocities had dick-all to do with intel or the not-yet-created NSA.

    To suggest that we should stop collecting intelligence on foreign and domestic terror threats because of disparate impact on minorities is not in any meaningful way different from suggesting that we should disarm police because of disparate impact. We have to deal with the affect of intel on warrants, arrests, raids, etc…, and in that regard have to watch for disparate impact.

  49. Andy says:

    Great post and thread.

    Looking at mail vs. email and the 4th amendment, I think some of the technological differences matter a great deal. Email is the easy case, but what about social media, text message, my computer archiving to the cloud, etc.? Who owns the content? In the old system, you owned the content (the mail or phone call) and the government-sponsored monopoly ensured the government could easily monitor if it had the proper authority. That was the “deal” that satisfied all parties. That system doesn’t work well today because the content is often “owned” by corporations, it’s often invisible to us and transmitted automatically, and there is no monopoly or cartel for the government to turn to as a one-stop-shop for law enforcement needs.

    In this new environment, should the government have to serve a warrant against every online service I use or should they simply be able to serve a warrant against “me” and collect any data that leaves my house? Or should they be able to collect it at any point on its journey? What about the location data my phone transmits constantly to the network, or any number of other situations where I’m not even aware I’m sending data. And then there’s the fact that data can pass through multiple systems and even multiple countries. If I send a regular snail mail, I know the post office handles it from door-to-door. With email, I have no idea where the data goes after my ISP on its way to its destination which isn’t, BTW, a physical address.

    We need a new regime and we need some fundamental rules that everyone agrees on – people’s expectations need to match reality and the current situation is so confusing that’s not the case currently.

  50. michael reynolds says:

    Oh my God, I mixed up affect and effect. Okay, all I can say in my own defense is that I spent 3 hours teaching a 16 year-old to drive, and cleaned the grease out of a stove blower today. Nervous exhaustion. It’s a weak defense, but it’s all I got.

  51. TastyBits says:

    @michael reynolds:

    Tuskegee was to gather medical data and apply it to a public health problem – intel & safety. The safety of most Americans trumped the rights of those at the bottom. In each of my examples, people trusted that their government was not going to abuse their rights. This is not the theoretical “slippery slope”. This is reality, and these were real people whose rights were violated.

    Why would the US government not violate the rights of people over data collection? My list was far more damning. Just because the courts have ruled something legal does not make it right. Legally, a person could be forced to the back of the bus because of his color, but that did not make it right. Ruling that my data belongs to a 3rd party does not make it right. Interestingly, my medical data has strict limits on its use.

    Police are not supposed to shoot somebody without a good reason, but this does not stop them from doing it. Few law enforcement are held accountable for mistaking a wallet for a gun. Excuses are made, and they go on their merry way. I am supposed to believe that these same people are not going to abuse data collection. Only some people will be affected, and I doubt that will include many of the commenters.

    Towards the bottom of the ladder, the terrorists wear badges or throw gang signs. Al Qaeda is not going to be attacking the shitholes of Chicago, Cleveland, L.A., or New Orleans, at least any time soon. In these areas, all the time and money spent collecting intel for an attack that is never going to happen to them is a waste, but if that intel can be used to f*ck over them, it will be. If you are worried about terrorists, move to the inner city.

    As to disarming the police, I think that may not be a bad idea. Proper police work requires knowing how to interact with people and how to identify the bad guys. When you cannot rely on a weapon, you learn how to handle yourself in potentially dangerous situations.

  52. C. Clavin says:

    “…I think privacy is dead because we don’t really care about it, we only pretend to…”

    This is why I said above that this will be market driven. Either people give a damn and create a demand for technological protection…or they don’t. Maybe someone will invent something and create the demand…either way…but Congress is always going to be driven by corporate interests. Google and AT&T and Verizon and Amazon etc. do not want to give up access to this info. So Congress will never make them. And if they have it…the NSA will have it.

  53. stonetools says:

    Great post. Why this is important is that Snowden/Greenwald and their admirers in their “reporting” consistently blur the line between Potential and policy. The headlines to their revelations will blare “NSA CAN READ ALL YOUR EMAILS AND LISTEN TO ALL YOUR PHONE CALLS!!” or “ANALYST CAN WIRETAP THE PRESIDENT!!”, then somewhere in the middle of the column mention “But the NSA generally needs a warrant to listen to the phone calls of a specific individual” or the “NSA has various safeguards to prevent the analyst from wiretapping the President”. Johnson over at Little Green Footballs calls it the “Paragraph 5 Rule” wherein the weaselly disclaimer qualifying the blaring headline shows up around Paragraph 5 or later of any Guardian column.
    Snowald’s consistent position (their supporters’ attempts to obfuscate notwithstanding) is that the existence of the surveillance technology and the government agencies deploying such technology is what poses an existential threat to democracy, and not the policies determining the use of such technology. Thus Snowald wants the NSA not “reformed”, but dismantled altogether. Thus they focus on the technology’s potential, and ignore talk of reform as irrelevant. Notice neither Snowden nor Greenwald have ever proposed any policy changes. Indeed, their supporters tend not to either. What the supporters tend to do is simply to decry the existence of the “surveillance state” and to engage in scaremongering about what the NSA is “really” doing.
    In the meantime, political events in the real world are overtaking the NSA! scandal. We now are finding out that it is actually quite useful to be able to read Syrian military communications or Iranian diplomatic cables. Somehow it’s just not that important anymore to find out that NSA analysts can sometimes mistype search queries or that we are spying on the embassies of Mexico or Brazil. I’m sure that more Snowald revelations will be forthcoming but I’m not sure that they will be seen as anything but a distraction from what’s really important from here on in.

  54. James in Silverdale, WA says:

    Congress should mandate VPNs for all citizens, and those encryption keys must belong to the citizen, not the government, or any other party. The misuse of those keys should carry the same penalty of both law as opening mail, and be regarded as anti-social behavior.

    Any elected official who claims privacy ended with the digital age is ripe for removal from office. The tech is here today to protect privacy.

  55. john personna says:

    @Steven L. Taylor:

    The problem, Steven, is that for that kind of privacy you need something as radical as James in Silverdale’s proposal.

    Citizens would have to understand enough tech to know what it actually takes to create an “envelope” in the good old, US Mail, sense.

  56. john personna says:

    Or to put it differently, anything short of James’ proposal really is Michael’s acquiescence.

  57. @john personna: Not in the sense of criminal prosecution. That is an issue of how evidence is gathered, not how secure information is.

    Again: if the government wanted to read the mail now, it could. Further, the government can tap my phone or use technology to listen in on what I am doing in my home. The thing that stops them from doing so surreptitiously is not a technological barrier, but a legal one.

  58. john personna says:

    @Steven L. Taylor:

    I have been saying that there are no end-to-end protections, technological nor legal.

    Can you point me to any?

  59. john personna says:

    This, for instance, offers an easy solution:

    The revelation that the National Security Agency can monitor your every move online shouldn’t come as a total shock. A 1986 law lets the Feds read emails that have been stored on a server for at least six months

    You ask your government sponsored backbone company to keep everything six months and a day, and on the last day you make a copy.

  60. john personna says:

    @Steven L. Taylor:

    Note (as I mentioned in my post on the legal environment of destination addresses) that if you use an EDU account for mail, you have no expectation of privacy.

  61. @john personna: You are correct, yes.

  62. JohnMcC says:

    Well that was easy. On 14 Dec ’10, the 6th Circuit, US Court of Appeals determined that “…the contents of the messages in an email inbox hosted on a providers servers are protected by the Fourth Amendment, even though the messages are accessible to an email provider.” (US v Warshak, Warshak & TCI Media) According to the website commentary (Paul Ohm writing on freedom-to-tinker-dot-com) “…in it’s ruling the 6th Circuit also declares part of the Stored Communications Act (SCA) of the Electronic Communications Privacy Act unconstitutional.” I am — by the grace of God — not a lawyer so perhaps some change has been made to these laws since or appeals have nullified the ruling but I lack the resources to find it. But I couldn’t find such and will assume that the content of emails is protected by the Constitution.

    There is also a thing called a ‘mail cover request’, it turns out, that is NOT a violation of the Fourth Amendment. The USPS grants approximately 15 to 20 thousand requests (not warrants) annually from law enforcement agencies to examine the outside of envelopes or packages and report what could be seen without opening the package/envelope.

    So if I understand what all this hullabaloo is about, we have over 60 comments about one of two concerns. Either the content of emails is mistakenly thought of as open to general inspection by ISPs, law enforcement or National Security Agency spooks — in which case everyone can relax. Or the analysis of interlocking email/electronic/telephonic networks — not the contents, just the networks, addresses, frequency of traffic and such — seems to be a terrible crime against PRIVACY!

    If the second instance is what is being debated, then it is proposed that emails have MUCH greater protection than USPS mail. And I think that’s just nuts.

  63. Spartacus says:

    @stonetools:

    Snowald’s consistent position (their supporters’ attempts to obfuscate notwithstanding) is that the existence of the surveillance technology and the government agencies deploying such technology is what poses an existential threat to democracy, and not the policies determining the use of such technology.

    That is Snowden’s position, but as made clear many times by many different commenters, Snowden doesn’t speak for the many people who support what Snowden did.

    It’s also extremely important to understand that Snowden’s position on this is not extreme, new or patently unreasonable. After examining all of the secret government abuses that arose from government domestic spying, the Church Committee came to the exact same conclusion that the capability to spy on citizens without a warrant was, by itself, a threat to the country. Thus, Congress enacted laws that prevented most of this type of spying. It was only after 9/11 that the government started dismantling the very protections that were in place to prevent the kinds of abuses that Congress had determined were inevitable with these kinds of capabilities.

    Again, it’s not like these issues are new and we have to guess about the kind of harm that flows from these capabilities. We have actual, recent experience that validates our privacy concerns.

    Notice neither Snowden nor Greenwald have ever proposed any policy changes. Indeed, their supporters tend not to either.

    We’ve argued repeatedly to revoke the NSA’s ability to collect meta data and electronic communications without first getting a warrant. We’ve also argued that even after such information has been collected with a warrant, its prosecutorial use should be limited to crimes relating only to national security.

  64. john personna says:

    @JohnMcC:

    I have acknowledged that the specific path from a private ISP mail provider to another private ISP mail provider is secure and likely protected. I say likely because we have the well-known Google exception, where they as an email provider just do a click-through license to allow your mail to be read, in their case, in very narrow terms.

    Most people are probably not used to thinking of that as contingent on starting and ending addresses, nor specific end-user agreements.

    Put differently, if email is truly protected, how the heck can Google advertise vacation-related items proximate to my vacation-related correspondence?

  65. mannning says:

    If you want security (privacy) for some of your email partners, MS Outlook provides an encryption service of the public key type that you can set up with your friends. Offhand, I do not know the algorithm used or its strength. In all probability, the government can decrypt such messages up to some strength limit because they have the resources to do so. Of course, a message that is a pseudorandom stream of bits would pique their interest.

    Perhaps it would be easier to use a one-time-pad encoding from digitized novels, because they are the most difficult–even impossible–to decrypt, but it does take time to create. (An app that allows you to highlight the word and create its digital reference in message format would be handy.)

  66. Raider says:

    We live in a treacherous world where the leaders cannot be trusted, and in America we are witnessing her gradually morph into a police state.

    As far as electronic communications go, if you don’t want the authorities seeing them, or knowing the source IP, then learn how to effectively encrypt your communications, hard drives, and files. Learn how to adapt as the circumstances may warrant.

    Encrypt, encrypt and encrypt. Also find yourselves the best spyware and virus protection and removal software.

    God loves you all.

  67. michael reynolds says:

    @Raider:

    Encrypt, encrypt and encrypt. Also find yourselves the best spyware and virus protection and removal software.

    Do I have to? Because I don’t really give a sh!t if the NSA reads my emails.

  68. michael reynolds says:

    In fact, just to make this easy for the NSA, I’ll summarize the emails I get:

    1) Hey, would you like some Dean and Deluca chocolate, some Eddie Bauer t-shirts, some Virgin America tickets or some quack medicine?

    2) Where’s the manuscript/Q&A/bio/blurb?

    3) Would you come to my school/book launch/event?

    And here are the emails I send:

    1) Pay me.

    2) Hey, here’s an idea for which you should pay me.

    3) Here’s the manuscript, now pay me.

    I hereby grant to the NSA not just full rights to read through all my email, without exception, I also grant them power to remove my name from any and all mailing lists.

  69. grumpy realist says:

    @michael reynolds: Reminds me of the footers a lot of us at MIT attached to our emails containing the words “terrorist, bomb, assassination, revolution…” as NSA bait. If everything sends up a warning signal, what’s the use of monitoring?

    (Back in the 80s the computer nerds had a cat-and-mouse thing going on with the NSA, which had taken over one of the floors in one of the buildings in Tech Square and kept trying to keep tabs on what our profs and students were developing through eavesdropping on our emails and other communications. I don’t know whether they became a target because of the challenge of getting into the NSA systems or because of the sheer incompetence of their supposed cloaking. We nicknamed them “the No-Such-Agency” because of the continued denials we got from them on everything. The funny thing is, if you happen to act like a black hole slurping down everything and never returning any signals, you stick out like a black cat on a white eiderdown. Something the NSA never realized.)

  70. JohnMcC says:

    @john personna: As I said, not-a-lawyer. But I have assumed that something in the Google contract gives them the right and I bet that if you pressed them real hard they could produce that contract with your or my signature.