Privacy Is a Red Herring

The debate over NSA surveillance is about something else entirely.

There are curious parallels in the arguments made by those on opposing sides of debates about covert action and NSA surveillance. Both sides deploy the language of secrecy and privacy, but often do so in sloppy and contradictory ways.

Thus, responding to those outraged by recent revelations of mass surveillance, many NSA defenders insist, in effect, that those who have nothing to hide have nothing to fear. Stunned to discover that U.S. intelligence agencies have been "invading your privacy" by monitoring your email, web searches, and telephone records? Calm down: if you're not doing anything that threatens U.S. national security, no one at the NSA will be interested in you. Conversely, if you're one of those people determined to cover your online tracks -- by using Tor, for example -- don't be shocked if the intelligence community begins to view you with suspicion. Why would you work so hard keep your activities secret from your own government, unless you're up to no good?

Many critics of covert intelligence agency activities take a remarkably similar line in response to government outrage over the leaking of secret NSA documents. If the NSA isn't doing anything illegal or immoral -- such as invading the privacy of ordinary Americans or allied heads of state -- then there's no need for all the secrecy. Why would the NSA stamp "top secret" on everything -- and scream so loudly when classified documents are leaked - if it's not trying to hide something from the American public? Didn't Edward Snowden's leaks demonstrate that the NSA really was hiding unlawful behavior under the cloak of secrecy?

At the same time, both government actors and individuals are quick to demand that their own privacy must be respected. NSA activities inappropriately "violate people's privacy," says Google's Eric Schmidt. They constitute an "astonishing invasion of Americans' privacy," laments the ACLU. Rand Paul agrees: NSA monitoring is an "extraordinary invasion of privacy."

When the U.S. government decries leaks of "classified information," it too is invoking the concept of privacy: secrecy is the privacy of governments. Just like individuals, governments value (and, up to a point, need) the right to be left alone. In order to function, governments sometimes need to operate out of the public eye. Effective diplomats may need to take different approaches with different states. Government employees need to know that they can speak candidly to one another without fear that every conversation will be reported on Twitter.

What a muddle. On the one hand, both individuals and governments insist on the importance of their right to "privacy." At the very same time, both government actors and their critics tend to be suspicious of claims of privacy and secrecy: why would anyone need secrecy if they're doing nothing wrong?

These contradictory attitudes reflect a persistent and widely shared tendency to use the term "privacy" to cover a variety of quite different (and sometimes contradictory) things. As George Washington University Law School Professor Daniel Solove puts it, privacy is "a concept in disarray. Nobody can articulate what it means." Ask a dozen people to define privacy and you'll get a dozen different answers: privacy encompasses, notes Solove, "freedom of thought, control over one's body, solitude in one's home, control over personal information, freedom from surveillance, protection of one's reputation, and protection from searches and interrogations." (For more on the ambiguity of privacy, see J.M. Berger's FP article from last week.)

I'd add one more item to Solove's list of definitions: when people speak of privacy, often what they're really concerned about is not privacy at all, but very concrete kinds of economic and physical harm: job loss, theft, injury, imprisonment, and even death. That is: when people speak of privacy they're often speaking -- albeit indirectly -- about power, and its uses and abuses.

This becomes more evident when we push past the surface of claims about privacy.

It's impossible, of course, for either individuals or governments to possess total privacy. Our lives and actions are porous. We all know that a great deal of our "personal" information is "out there" and available to anyone willing to put in even a modicum of effort. Our neighbors can peek through our windows; strangers in cafes and on the Metro can listen in on our conversations and telephone calls; our Match.com dates can Google us -- and that's nothing compared to the data compiled about us by marketers. For the most part, this doesn't trouble us -- most of us simply accept it as the price of living in human society.

This is true for governments as well. You can put a "top secret" stamp on everything from lunch menus to NSA memos, but people still gossip, leave sensitive papers lying around, and speak indiscreetly to their spouses and friends -- and there is always a journalist or spy hanging around who can put together loose scraps of information. What's more, building strong relationships sometimes requires disclosure of secret information: just as friendships and love relationships are cemented by the sharing of intimate information, governments often find that building relationships with allies, journalists, congressional staffers, and think tanks requires at least some willingness to share "classified" information.

We know all this. Even so, we still bridle when we discover that the universe of people aware of our "private" information has unexpectedly expanded, or that the information we knew to be accessible has in fact been accessed.

It's one thing to know, in the abstract, that anyone walking by your house can see into your kitchen window, but it's another thing altogether to look out the kitchen window and discover someone staring fixedly at you. It's one thing to know that the soccer mom sitting one table over at Starbucks can probably make out the words on your laptop screen; it's another thing altogether to know that "the government" can do the same thing.

For government officials, it's one thing to know that NSA surveillance capabilities are, if not fully known, guessed at with substantial accuracy by everyone from journalists to Angela Merkel to al Qaeda operatives; it's another thing altogether to find classified memos describing those capabilities splashed all over the front page of the Washington Post.

But it's important to push ourselves to articulate just why individuals and governments are troubled when the circle of those with knowledge about them expands. Put differently, it's worth asking: when we talk about invasion of privacy, what are we really worried about?

From the government's perspective, the answer is usually straightforward: governmental privacy - secrecy -- isn't valuable in and of itself. It's valuable solely because it reduces the risk of certain harms. Secrecy about NSA capabilities reduces the likelihood that terrorists or other adversaries will find ways to evade NSA scrutiny, which increases the likelihood that the United States will be able to learn about potential threats early enough to thwart planned attacks.

On an individual level, many people find it more difficult to articulate why they're bothered by "invasions of privacy." But when you push hard enough, most people articulate a fear that isn't about that mushy concept we refer to as "privacy," but is in fact about similarly concrete issues of safety and freedom from harm. The man staring fixedly through our kitchen window bothers us not because we think he might discover us doing something "secret," but because he has violated norms of socially acceptable behavior in a way that makes him unpredictable: if he's willing to violate norms against staring, what other norms might he also violate? Will he become a stalker, a blackmailer, a burglar, a rapist, a murderer?

At bottom, something similar is true of typical public reactions to NSA surveillance. We may speak of "privacy," but what frightens most of us is not the abstract notion that "the government" might be "watching us"; rather, it is the very concrete possibility that information about us will be misconstrued, misused, or abused. We fear that we'll end up on a no-fly list, or be unable to get a security clearance, a job, or a loan. We fear being wrongly accused, harassed, detained, and -- in the era of targeted killings -- who knows what else?

This points to an essential difference between the privacy of governments and the privacy of individuals: governments have far more power than individuals. When the government's "privacy" is violated -- through the unauthorized disclosure of classified documents, for instance -- the government can prosecute the leakers, and it can generally fall back on multiple other means to preventing the harms it wants to prevent. The NSA's Internet and telephone data collection capabilities are not the U.S. government's sole means of preventing terrorist attacks, for instance: it has many other ways to gather intelligence and other ways to disrupt and defang terrorist organizations.

In contrast, individuals have far less power and far fewer ways to protect themselves. The cards are stacked in favor of the government. This is all the more true in the post-9/11 environment, in which the government has the advantage of permissive laws, deferential courts and congressmen, "black" budgets, and a vast national security bureaucracy that has expanded faster than our collective ability to control it.

I've made this point in a previous column, but I'll make it again here:

The problem [with NSA surveillance practices] is not a privacy problem at all, but an accountability problem... Given the current lack of transparency, we don't know what rules govern who can see what data, under what circumstances, for what purposes, and with what consequences. We don't know if this sweeping data collection has led to mistakes or abuses that have harmed innocent people, and we don't know what recourse an innocent person would have if harmed in some way..

[T]here needs to be a mechanism to remedy [any] damage and impose appropriate consequences on government wrongdoers. If these data collection practices (or any similar past practices) lead to innocent people getting stuck on no-fly lists, or getting harassed by federal agents, or ending up wrongly detained, there should be a prompt, transparent, and fair means for them to challenge their treatment, see the supposed evidence against them, and get the problem fixed.

"Privacy" is a red herring in the debate about NSA surveillance (and many other kinds of covert activities). If we want meaningful reform, we need to set aside the rhetoric of privacy, and focus instead on creating genuine safeguards against the abuse of government power.

Alex Wong/Getty Images

National Security

Public Citizen

If our kids don't all have tracking chips, the terrorists win.

What if I told you that nine out of ten terrorist plots in the United States could be thwarted via a simple technological expedient?

It will be easy. At age 12 (or at whatever age he or she enters the United States), every U.S. citizen or visitor will be required to have a tiny tracking chip painlessly implanted in his or her forehead. The chip will be microscopic and almost invisible to the naked eye (although for a small fee, chips will also be made available in a wide variety of sizes, colors, and styles for those who prefer something a bit more decorative). Despite their small size, each chip will be equipped with a GPS, a camera, and an audio-recording device. The chips will be powered by the body's own heat, supplemented during the day by solar energy. They will be waterproof, tamper-proof, and non-removable, and they will relay a constant stream of real-time information to computers maintained by government law enforcement personnel.

Don't worry: These government personnel won't be snooping on you for prurient purposes. The data from your chip will only be accessed when the government has reasonable grounds to believe your data might be relevant to an authorized investigation into "known or unknown terrorists" who might be operating in the United States -- the same standard currently imposed by the Foreign Intelligence Surveillance Court for the collection of telephone records. (True, that's "metadata," but really: What data isn't meta?) For security reasons, the existence and rationale for any such investigations and data collection will naturally have to remain classified -- sorry about that! But careful protocols will be in place to ensure that the number of people with access to your chip's data is limited and that your data are protected from misuse.

Granted, since "unknown terrorists" are by definition unknown, and since almost anything might reasonably be imagined to be "relevant" to their equally unknown plots, a lot of people's chip data will end up being examined. Pretty much everyone's, in fact. But when it comes to our nation's security, we can't afford to take chances. You don't want another 9/11, do you?

Universal chipping will bring additional benefits, as well. Among other things, it will have a powerful deterrent effect on ordinary crime: Only the mentally ill and the dangerously impulsive will commit crimes when they know their every word and every action is being recorded. What's more, universal chipping will make lost people and objects a thing of the past. Stranded rock-climbers and hikers will easily be found by search-and-rescue teams. Absent-minded people who can't remember where they left their car keys can request copies of their own recorded data and retrace their steps until the lost keys are found. Even sin will be reduced: Spouses can sign pre-nuptial agreements pledging to share their tracking data with one another, thus reducing infidelity. Our world will be convenient, virtuous, and safe.

It will take a little longer to place chips on those who live in foreign countries, but that will come, too. Once other governments see how peaceful and law-abiding America has become, they'll want to chip their own citizens. We'll work out information-sharing protocols with our allies -- or hack into their chip software if they get nationalistic and stubborn on us. Some states and individuals will be holdouts, of course, but we'll find ways to incentivize universal chipping: We'll tie U.S. foreign assistance to participation in chipping programs, for instance. If we have to -- but only if we have to -- we'll find ways to chip foreigners by stealth: We'll design chips that can be implanted during routine vaccinations, ingested with food, or inhaled through the air.

Really, it's for everyone's benefit.

It sounds like the stuff of dystopian science fiction -- and as far as I know, such chipping technologies don't yet exist (and no one, not even NSA Director Keith Alexander, is advocating their development). But don't kid yourself: As the burgeoning NSA surveillance scandal should remind us, that world is right around the corner.

Consider the world we've already created for ourselves, with absolutely no help from the NSA: We already have those ubiquitous tracking cookies that nearly every website we visit implants in our computers. Your cell phone, your iPad, and your car's GPS system track your physical location. Traffic cameras, store security cameras, and EZ Pass toll readers add more layers of tracking and may soon be networked, allowing officials (and the companies that maintain the systems, and computer hackers) to follow the movements of specific cars and people. Facial recognition software makes it easy for anyone from the government to marketers to your old college fling to find pictures of you online and figure out where -- and with whom -- you like to hang out.

Your credit card records your purchases. Health insurance companies keep tabs on your medical records. Google knows your deepest desires. You store your data in "the cloud," which is roughly as secure as literally throwing your information up into the sky. (Remember: It's not your cloud. The physical servers that make up "the cloud" are owned by private companies, and current law treats all data left on a server for more than 180 days as "abandoned" and thus fair game for snoopers.) And you just can't resist the lure of social media, can you?

How long do you think it will be before someone -- most likely someone paid by the U.S. government, but perhaps by a foreign state, a large corporation, or any number of unscrupulous private actors -- comes up with a better and more efficient way to link all that information together, more or less in real time?

Throw in emerging government capabilities, and the possibility of truly universal surveillance gets even closer. Consider the military's "Gorgon Stare," a persistent wide-area airborne surveillance system that aggregates the images from multiple drone-borne cameras. Gorgon Stare, which is already in use in Afghanistan, enables analysts not only to watch the movement of individuals and vehicles in real time in an area as large as a city, but also to "rewind" to see where people and vehicles of interest have come from. Such systems will soon be able to combine visual data from cameras with data from other kinds of imaging and sensing devices. It's all a great help when it comes to figuring out where those IEDs are coming from, but don't you think we'll soon be tempted to use these technologies in other places and for other purposes?

Despite my general conviction that the end is nigh, I'm not usually paranoid about government surveillance. Maybe that's because I've worked in two presidential administrations and, in my experience, most federal employees -- even those in the intelligence community -- care about personal privacy as much as anyone else. More to the point, most government officials really, truly have better things to do than monitor your Internet habits just for the heck of it.

But even I start to get nervous when technology gets way out ahead of both ethics and law -- when we start to use surveillance technologies not because we really need to but simply because we can, and without much thought for the longer-term consequences.

Reading the latest NSA-related revelations has left me convinced that this is the situation in which we now find ourselves. We're monitoring Angela Merkel's communications not because we need to, but because we can. We're vacuuming up the phone and Internet data of millions of people not because we need to, but because we can.

Asked why he wanted to climb Mount Everest, George Mallory famously replied, "Because it is there." That's a bad reason to climb a mountain (remember, Mallory ended up dead) and a worse reason to start scooping up data on everyone under the sun. Yes, the data is there -- vast, tempting mountains of data -- but that doesn't mean the government needs to collect and monitor it.

Instead of running at a mindless sprint toward the kind of total surveillance society that would have given George Orwell the chills, we should slow down. More concretely, the president -- or Congress, if the president won't act -- should declare a moratorium on existing NSA mass surveillance and data-mining programs. Before we even consider starting them up again, we need to take the time to think through whether these programs are truly a good idea -- and whether existing law and policy can prevent both abuse and unintended consequences.

Does the nature of the purported threat -- terrorism -- justify so much surveillance and intrusion? No one can say, but it's doubtful. Threat assessments from our own intelligence agencies suggest that the threat from terrorism is far from existential. Administration officials claim that NSA surveillance has thwarted numerous terrorist plots, but the examples they give are fairly minor league. If there's more, they should say so -- and give details.

Against the questionable benefits of mass surveillance, we need to balance its unquestionable harms: most recently, irate allies who are now reconsidering intelligence-sharing agreements with the United States. But the harms of excessive surveillance are also more subtle: Is privacy becoming a fading dream? Do we want to inhabit a world in which there are no secrets? Is a marginal increase in safety and security worth a near-total loss of autonomy? Total surveillance enables total control -- and as technology marches on, will we be able to develop adequate legal and procedural safeguards to prevent a slow slide into totalitarianism?

Not if we don't slow down.