NSA, PRISM, Digital Records: Are Americans Delusional in Thinking They Are Entitled to Privacy?
After the UK’s Guardian broke that the National Security Agency, or the NSA, in the U.S. had compelled telecom provider Verizon Communications to comply in releasing the telephone records of millions of Americans, public outrage began mounting. Shortly after that news broke, the Wall Street Journal had reported that Verizon isn’t alone in its “Share Everything” plan with the federal government, and that rivals AT&T and Sprint were also strong-armed into a same arrangement, all in the name of national security.
To make matters worse, a recent report from the Washington Post is alleging that the data collection extends to more than just phone records, with emails, IMs, search history, and other Internet records being acquired from tech giants like Microsoft, Google, Yahoo, Facebook, YouTube, Skype, AOL, and more recently even Apple.
In addition to those phone records, why already spurred public outcry in a nation that values an ideal called privacy, we now know that nine technology firms are ”extracting audio, video, photographs, e-mails, documents and connection logs that enable analysts to track a person’s movements and contacts over time,” according to the Post in reporting that these companies are working with the NSA in a top secret project called PRISM.
The Guardian‘s story was later confirmed by the White House and members of Congress as saying that the government routinely seeks information in its fight to thwart domestic and international terrorism, and the Post alleges that a secret backdoor policy allows the government to tap into servers operating from the nine high tech firms.
All this makes for sensational news headlines and hot issues of debate and conversation, but do Americans have a right to privacy, especially in the online world of the Internet? I would argue that much of what the government is doing is legal, even without justification of the Patriot Act or homeland security arguments, when we view that the Internet is a public space.
Though there is no specific guarantee to privacy under the U.S. Constitution, the fourth amendment is often cited as guaranteeing protection to American citizens against unlawful search and seizure. The bill of rights assures the people “the right…to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.”
Under the strict constructionist view of the Constitution, your property–homes and cars–set the stage for the line drawn between public and private, and within your property, law enforcement officers must obtain a search warrant to obtain information, usually through a search.
The paradox with the Internet world is that since users are accessing the world-wide web from their homes or offices, they believe that they are in a private space. However, the Internet is a public space. If we draw corollaries between Internet presence and real-world presence, there may be little areas where privacy can be assumed.
If you’re shopping at Amazon.com, you are shopping in a private space in your home, but shopping is shopping, and it should not be viewed differently than going into Target, Walmart, or Nordstrom. The only difference is that with an online transaction, you may be more empowered to buy that swimsuit that may not be a size zero whereas you may not have the confidence to walk up to the perky sales associate in a store who’s a size 2 to pay for a size 8 suit. Still, at the end of the day, Amazon.com would still store record of your size 8 swimsuit and that boost of confidence you had when you hit the “Buy Now” button is only artificial as someone still did “see” you making that purchase.
Likewise, when you’re having a conversation through an IM service online, you may feel that the conversation is private, but it may be no different than chatting with a friend as you’re taking a leisurely stroll through Central Park and joggers nearby could overhear the topic of discussion.
So depending on the content or context, what you feel may be private may not translate that way legally, and the courts may interpret privacy differently, even if national security isn’t invoked.
Collection of Phone Records, Mail Addresses Are Legal Without a Warrant
Even without citing the Patriot Act, the collection of phone records (the numbers that you call, when you call, and how long the calls last) along with mailing addresses are legal without law enforcement authorities requiring a search warrant. Referring back to the expectation of privacy and the line separating public and private domains, we find that the addresses and phone records/logs are not protected while the conversation or mail content may be protected.
This means that while the content of the mail that you send via First Class or higher will be protected as there is a reasonable expectation to privacy, the shipper’s and recipient’s names and addresses on the package do not enjoy the same expectation to privacy and the police can ask the mail employee to report everyone you’ve corresponded with.
Similar principles could be applied, but with some alterations, to digital communications as well. The government had argued before that IP addresses, like mailing addresses, are not entitled to privacy.
Likewise, the content of your phone conversation would satisfy the reasonable expectation criteria, but your phone logs and records do not. In a few cases, the Supreme Court had held that you have given up your reasonable expectation to privacy when you freely give your telecom the number you wish to connect to. In essence, you’ve assumed the risk that this information could be shared with the government.
I’ve touched on a little about online transactions making a comparison between shopping at Amazon.com and a Nordstrom physical store as a reason why you should not have reasonable expectations of privacy. With the government monitoring servers of the largest names in technology, including Microsoft, Google, and Apple, they’ll likely be able to obtain what transactions you’ve made using Google Wallet, what games you’ve bought with your Xbox account, and the types of music and movies you’re watching on iTunes.
Do you have a right to privacy there? The government had argued before that information you reveal to a third-party could be revealed to others and that there is no reasonable expectation of privacy.
Here’s what the Electronic Frontier Foundation has to say about the matter:
As the Supreme Court has stated, “The Fourth Amendment does not prohibit the obtaining of information revealed to a third party and conveyed by him to Government authorities, even if the information is revealed on the assumption that it will be used only for a limited purpose and the confidence placed in the third party will not be betrayed.” This means that you will often have no Fourth Amendment protection in the records that others keep about you, because most information that a third party will have about you was either given freely to them by you, thus knowingly exposed, or was collected from other, public sources. It doesn’t necessarily matter if you thought you were handing over the information in confidence, or if you thought the information was only going to be used for a particular purpose.
This would cover anything from online purchases to telephone calls, data stored in the cloud, uploaded photos and videos to social media networks, and the bulk of the data mining that was revealed through the NSA’s PRISM project.
Perhaps, though, the biggest determinant of what constitutes a reasonable expectation of privacy, which is one of two criteria considered by the court in determining of a user should be afforded the right to privacy in a case, should be our behavior online. In the sharing and oversharing culture of social networking, little is sacred and private anymore. We are our own celebrities with fans, followers, and likes.
With real-world celebrities already having less privacy rights granted by the law, catapulting our very selves into celebritydom in the virtual world could be used as an example to strip some of those rights away if one drew a direct connection between the real and the virtual. By sharing more with our friends–or fans–we gain more likes and increase our virtual “Klout” score. In the same essence, we’re becoming more popular by revealing more. In that token, we can’t expect what we reveal to achieve fame to be kept private, else we would not have that fame.
And though you may try to shied your person and possessions from a warrant or warrantless search, there are still lower standards applied to those around you. Subpoenas, and a derivative of those called administrative subpoenas, may not be hard to obtain.
If information is deemed relevant to an investigation, a U.S. government agency or department could issue its own administrative subpoena without a court order to obtain records.
Such was the case with Golden Valley Electric Association of Alaska. The liberal 9th Circuit Court compelled Golden Valley Electric to hand over records it had for some of its customers after the Drug Enforcement Agency, under the Department of Justice, had issued its own administrative subpoena requesting information on an on-going investigation.
By their very nature, the concern here is that administrative subpoenas are not only easy to obtain, but are issued by the same agency that’s doing the investigation without any court or judicial oversight.
Privacy in a Broader Context
And though the debate, outrage, and cries that the U.S. has become a surveillance state no better than China in regards to privacy, the broader context of privacy should still be examined, regardless of the fact that we may have given up that right when we signed up for Twitter and began uploading incriminating photos for the world to see and share.
For one, this sparks a renewed interest over wearable computing technology and issues of privacy that these new devices may have.
Google had hinted that the future of smartphones will be about collecting even more data through embedded always-on sensors. That may be the vision of the Internet giant to be able to monitor, predict, and anticipate your every move in order to best serve you and deliver relevant information. In essence, by partaking, you’d be giving up some privacy in the hopes of having a smarter phone and smarter service.
And Google Glass itself is already drawing big debates. Not only are there privacy issues on the part of the wearer of Glass, but also given the fact that there are cameras and microphones that are always present and could be discretely recording at any moment, there are privacy concerns for those who may be standing in close proximity of Glass wearers.
Benjamin Franklin had once said, “They that can give up essential liberty to obtain a little safety deserve neither liberty nor safety.” We’ve already given up some liberties in order to obtain a bit of safety when we condoned to the Patriot Act. We cannot go back in time to change the past nor can we regain what we had given up. The federal income tax was enacted to provide temporary funding in time of war, and over a hundred years later, we’re still paying income taxes.
There will be an increasing confluence of technology and communication mediums that will beg for more concrete definitions. VoIP, thanks to faster Internet connections, may either be classified as an Internet medium or a physical phone call, and to what privacy standard should it be afforded, if any?
What we can do is to define privacy for the modern era, and we need to do this to better construct laws that will protect us online and protect us in the real world. Balancing safety and privacy is a tough act, but one that could only become reality if we have a clear idea of what privacy means, both in the virtual and the real, rather than the ideological definition that as Americans, we’re entitled to this concept.