Balance between privacy and security: not new, but never more important - Technology And Communication
Dennis K. McBrideInformation technology (IT) has revolutionized life throughout the world. In fact, IT has redefined "the world." Neighbors now live thousands of miles apart. Strangers live next door. Nearly every aspect of our lives is affected routinely by enormous increases in computer processing, inter-connectivity, data mining, and the resulting availability and exploitability of information on each of us. Automated or managed monitoring and recording of private daily transactions has already increased beyond what most people realize and will continue to increase, and personal privacy as we have understood it in the past, will be challenged. Armed with formidable knowledge of trends, Institute symposiast David Brin remarked summarily, but deliberatively: "Get over it." (1) From the perspective of technological innovation, the inevitability of Brin's suggestion might be inescapable. Digital face recognition technology, for example, is remarkably capable in large crowds and at appreciable range. Authorities are already deploying this maturing brand of IT even as organized and other elements of American citizenry question the use of significantly less sophisticated tools--automobile license plate identification as an example, to associate people with automobiles with places--for multiple uses in law enforcement. There is good reason to anticipate that this portends even worse. Signals as personal as body odor may soon be exploited for detecting, identifying, or tracking suspicious individuals in high-risk environments. It is probably forevermore beyond "just conceivable" that organizations will face fewer and less expensive technical barriers to analyzing an individual's whereabouts and actions of today, in 2003, as they may be reconstructed decades and centuries in the future.
The business community routinely uses advanced IT in pursuit of entirely legitimate purposes. Internet-delivered product "suggestions" may seem nuisances to some, or time-savers to others, but the inferencing technology that underlies this marketing technique is as simple as it is effective. Software builds models of people based on seemingly private (shopping) behavior. Algorithms are employed worldwide by the banking and credit card industry in order to decrease fraud and protect customers, here again by "profiling." Benign and blind as the technology trends may seem in clear circumstances, applications in contexts that are not understood by those who are not voluntarily party to the scheme can appear threatening to personal freedoms. For example, in order to minimize retail loss (shoplifting), one international razor blade manufacturer has pursued the idea of embedding radio-frequency identification devices (RFIDs) in its product packaging. (2) Although today the effective range for detecting and reading RFIDs is a matter of inches, concerns of privacy are predictable, understandable, and they are already growingly organized.
Issues of privacy protection from corporate intrusions are not philosophically different from concerns about intrusions from fellow citizens. Having received an unwanted voice mail prank here at the Institute, an irritated junior researcher--in a matter of minutes and clicks--produced a "file" on the perpetrator, including his home address, age, school and class photo, and the names of his parents, their employment and civic membership, all packaged with the prankster's voice message, ready made for electronic or U.S. Postal Service shipping to the person's parents. Defiantly, a senior staff member declared that he was entirely immune from similar search. In short order, a "dossier" was produced with most of the above categories of information, including a downloaded overhead image of the staffer's suburban home, and of course minimum-effort driving directions complete with the residential telephone number, otherwise bought and paid for as "unlisted." The file production was halted before mortgage and other information was appended. All of the above was accomplished with routinely accessible data-mining software obtained over the Internet. This is not black market software--it is largely free and entirely available from top-drawer companies.
The societal ramifications of the above examples may pale in comparison to the consequences of collection of data as vitally personal as DNA (the government already owns genetic data on military personnel) or other biomedical data for the examination of insurance availability, job qualification, or myriad other largely unregulated purposes. Regulation in any facet, of course, implies oversight by the government; in the present case, this means protection by the government against possible government intrusion. Within the realm of privacy regulation, perhaps the most fundamental of landmarks in our constitutional history was the post-Watergate passing of the Privacy Act of 1974. Intended to rectify widely acknowledged shortcomings in privacy protection, one arguable consequence was that the act is in practice, weak and difficult to enforce. The American Civil Liberties Union (ACLU), in fact, maintains that on balance, there may be more ill-advised intrusion than ever intended by this statute. The ACLU is unexcelled in its analysis and passionate pursuit of privacy matters. In fact, ACLU documentation of minimally impeded intrusion into "personal" records (including social security, school records, electronic communication--as well as criminal histories) substantiates clear public concern for privacy protection--more so now than ever as IT tentacles increasingly reach and penetrate our sensitivities.
But intrusion cannot be examined on its face value alone. As Amitai Etzioni (3) has written compellingly, the realities of ambitious life will always require balance (perhaps to also mean efficacy and safety). The risks of inappropriate meddling must be squared with the risks of inappropriate neglect. Are parents justified in discovering from government fries or officers that the house they are about to purchase and move into--with their 10-year-old daughter--sits next door to the home of a multiple episode sex offender? An emotionally informed answer might certainly be "yes" But what if there is an error? Suppose the neighbor is not a rapist; he is clinically depressed, suicidal and fatally sensitive to being ostracized. As Etzioni outlines with clarity, a reformulated concept of "common good" must be derived and made central to balancing privacy and security: This is particularly defensible in the era of expansive, high access IT.
Transactional data will play an increasingly important role in national and local security efforts for identifying and deterring criminal behavior. Public acceptance of this enterprise is positive and probably growing since the late summer of 2001. Prosecutorial pursuit of criminals proceeds, however, based on the presumption of universal innocence. The proper exploitation of all transactions thus requires security and privacy policies to protect the rights of Americans, suspects or otherwise, consistent with the letter, and spirit of law. The "law" is significantly more than the Fourth Amendment, and its spirit as a whole is much greater than the sum of its case law parts. Although beyond the scope of this document, it is probably safe to conjecture that most Americans don't know much about privacy theory or privacy law, but they seem to know what they want. Whereas U.S. citizens seem willing to sacrifice some degree of privacy for some payoff in security, there may be few universally agreeable solutions in practice. As one example, reports of fairly streamlined examination of passengers at airport security screens suggests that reluctance to disclose contents of bags, shoes, and garments is offset by the desires for safe flight. Recently, however, it was discovered that passengers were significantly less willing to be weighed (because of privacy matters) for the purposes of aircraft loading--a management process that is vitally important to safe flight, particularly for small aircraft. This, despite the fact that center of gravity loading errors are statistically a far greater danger than the untoward prospects of in-flight terrorism.
The challenge of striking a balance between privacy and security is not a new challenge at all. Our democracy has met, solved, or held in compromise this challenge many times, through many technological eras and through many legal regimes. On occasion, technology breakthroughs have precipitated maturational change in statutory or regulatory context, and on other occasions, changes in constitutional interpretation have become the enzyme of technological innovation. In either case, privacy issues were known to be much more complicated than mere issues of personal secrecy. In fact, as Richard Posner argued more than 20 years ago, there is a fundamental economics of personal privacy--an economics that is in large part responsible for, and untiringly organic to, our Constitution. It is possible that there are rudimentary, biological, economic bases at the very roots of humankind's insatiable desire for privacy and security. (4)
In 2002, the Potomac Institute for Policy Studies initiated Project Guardian: Maintaining Civil Liberties in the Information Age. The effort is aimed at shepherding discussion from all qualified voices on issues central to the tradeoff between privacy and security, particularly as this balance is threatened, or is perceived to be compromised, by advances in technology. Guardian is enriching the discussion by establishing a rigorous, multiway forum for scholars, policy professionals, and everyday citizens by distilling opinions to reveal core facts, laying bare unchallenged assumptions, and by honoring but qualifying disparate attitudes. The program will seek meaningful policy options so that appropriate decisions can be made--not at all absent opinion--but by building upon objective analysis and by submitting rigorously informed opinion.
(1) David Brin. "Coming Full Circle--21st Century Defense Will Stress Citizenship." Proceedings from Out of the Box and into the Future. Arlington, Va.: Potomac Institute for Policy Studies, 2001.
(2) Michael Fitzgerald. "Alien lands big Gillette deal, but privacy is not on razor's edge." Small Times. 24 January 2003. www.smalltimes.com/document_display.cfm?document_id=5363.
(3) Amitai Etzioni. The Limits of Privacy. New York: Basics Books, 1999.
(4) Richard A. Posner. The Economics of Justice. Cambridge, Mass.: Harvard University Press, 1983.
Reprinted with permission of The Potomac Institute for Policy Studies. Dr. Dennis K. McBride is president of the Potomac Institute for Policy Studies. He can be reached at dmcbride@potomacinsitute.org or 703/525-0770. Additional information regarding The Potomac Instituted work can be found at www.potomacinstitute.org.
COPYRIGHT 2003 Reserve Officers Association of the United States
COPYRIGHT 2004 Gale Group