A mystery gunman who allegedly fired 700 road-rage-inspired bullets at German drivers during the past five years was finally arrested in late June. Digital sleuthing was credited with ending the reign of driving terror. Germany’s E-ZPass-like system is off-limits to law enforcement, so police set up a temporary network that tracked license plates on the road and used the data to catch the suspect.
While the arrest has been celebrated, civil rights advocates have complained that thousands of innocent drivers were also caught up in the police dragnet, and have questioned its legality. The argument might sound absurd to American ears — would Germans really rather be shot at than have their license plates recorded? — but Germans are more sensitive to government overreach than Americans. A rabid debate about security and privacy has begun.
As the Edward Snowden affair enters its second month, Americans don't seem to have much appetite for the subtlety of such a debate. The Prism leak discussion has been framed repeatedly as a zero-sum game, pitting privacy on one side and security on the other.
"You can't have 100 percent security and also have 100 percent privacy," President Obama said on June 7, in his principal public statement in the issue, suggesting there is some dial which forces government officials to pick one over the other.
It's a false choice, say many security experts.
"I've never liked the idea of security vs. privacy, because no one feels more secure in a surveillance state," said Bruce Schneier, security expert and author of Beyond Fear: Thinking Sensibly About Security in an Insecure World. "There's plenty of examples of security that doesn't infringe on privacy. They are all around. Door locks. Fences ... Firewalls. People are forgetting that quite a lot of security doesn't affect privacy. The real dichotomy is liberty vs. control."
Dan Solove, a privacy law expert at George Washington University Law School, said the privacy vs. security framing has interfered with what could be a healthy national debate about using high-tech tools to fight terror.
"You have pollsters and pundits and (National Intelligence Director James) Clapper saying, 'Do you want us to catch the terrorists or do you want privacy?' But that's a false choice. It's like asking, 'Do you want the police to exist or not?'" he said. "We already have the most invasive investigative techniques permissible with the right oversight. With probable cause you can search my home. ... People want limitations and transparency, so they can make a choice about how much surveillance (they) are willing to tolerate."
By creating an either/or tension between privacy and security, government officials have invented a heavy weapon to wield against those who raise civil liberties concerns, he said. It's easy to cast the choice in stark terms: Who wouldn't trade a little personal data to save even one American life?
An honest, open examination of surveillance programs might show the choice is not so simple, says Ashkan Soltani, an independent security researcher.
"The government feels like they need all this information in order to do its job, that there can't be security without them having access to everything. Well, that's a lazy or shortsighted way of seeing things," he says. "The idea I reject is that you need to violate everyone's privacy rather than be better at your job of identifying specific (targets).'"
Casting such wide nets is also ineffective, he argues. Collecting mountains and mountains of data simply means that when the time comes to find that proverbial needle in a haystack, you've simply created a bigger haystack.
"Law enforcement is being sold bill of goods that the more data you get, the better your security is. We find that is not true," Soltani said.
Collecting data is a hard habit to break, as many U.S. corporations have discovered after years of expensive data breaches. The NSA’s data hoard may be useful in future investigations, helping agents in the future in unpredictable ways, some argue. Schneier doesn't buy it.
"The NSA has this fetish for data, and will get it any way they can, and get as much as they can," he said. "But old ladies who hoard newspapers say the same thing, that someday, this might be useful."
Even worse, an overreliance on Big Data surveillance will shift focus from other security techniques that are both less invasive and potentially more effective, like old-fashioned “spycraft,” Soltani says.
Soltani is worried that Americans, despite their vocal complaining about Washington politics, have forgotten history and are too trusting of their government when it comes to the exchange of liberty for safety.
"Right now, the abuses seem theoretical. There seems to be a lack of historical context, a lack of cases where the government has abused power," he said. "People seem to have forgotten about J. Edgar Hoover."
In fact, Solove has a test he uses to consider every extension of government power, what might be called the "Hoover test."
"Put J. Edgar Hoover in charge of the program. If your reaction is 'Yikes!' then there isn't adequate protection built in," he said. "One of the tests should be is how do we feel if we don't like the people in charge, because we don't know who will be in charge of it in the future."
The German motorway shooter example is instructive on how a system that provided both security and privacy might work. Police never considered acquiring all data, or demanding it from outside firms. They set up their own temporary collection tool, and German privacy officials are already demanding that the 60 to 80 million records collected from innocent people be handled with care.
In the world of email or mobile surveillance, it would be possible to imitate this example, Schneier says. Internet and phone record collection should not be indiscriminate, but limited, focused and temporary.
"Here's the middle path: transparency and oversight," he said. "We've already recognized that police need extraordinary powers to violate privacy ... but we have to recognize that when you give someone the power to violate privacy, that power is ripe for abuse."
Government officials have often said that oversight itself must be a secret: Mere disclosure of the existence of government surveillance programs tips off the terrorists. Schneier rejects this.
“So they tell the terrorists they are eavesdropping on email. What's the problem? We assume the terrorists don't know? This is fanciful nonsense," he said.
I'm sure you can guess my opinions on this subject. But just in case, I'll elucidate.
When a governmental official talks about security, what he/she is really talking about is control... i.e. the government having control over our daily lives. In the mind of a politician, herding the sheeple keeps them safe. So they feel that the more power they have over the people, the safer the people will be, because naturally the government has our best interests in mind, and obviously the people shouldn't be left to take care of themselves.
I personally disagree with that entire paradigm. The government does NOT have our best interests in mind. As a matter of fact, most politicians have THEIR OWN best interests in mind. Plus, governmental agencies are not as effective as they would like to believe, when it comes to security. Plus, the kinds of jobs that have officers overseeing citizens tend to attract control freaks. Control freaks don't necessarily have the safety (or privacy, or whatever) of their subjects in mind. The control freak just likes to exert control over people. Look to the TSA for many examples of that.
I also disagree with the "brute force" approach to collecting data. It involves hoarding mountains of data, and then having supercomputers sift through it for clues. This approach to collecting data is extremely inefficient, and disrespectful of people's privacy. Plus, those mountains of data can be (and have been) exploited by hackers and leaks. Not only that, but the data can be exploited by the government officials themselves.
Let's face it; everybody does something questionable from time to time. And now, every minor transgression is being recorded, for later exploitation. Combine that with the "zero tolerance" policies that are so popular nowadays, and you end up with a society where anyone can be nailed to the wall at any time for anything. I can't think of a more oppressive environment to live in.
So ironically, the measures that are supposedly keeping us safe are actually not keeping us very safe. And in the process, everyone's privacy is being eroded. In other words, when it comes to safety vs privacy, we're actually not getting much of either.
[This message has been edited by Blacktree (edited 07-07-2013).]
"The government feels like they need all this information in order to do its job, that there can't be security without them having access to everything. Well, that's a lazy or shortsighted way of seeing things," ...
That's worth repeating. The "lazy" way is just to collect everything possible, and then let someone else sift through it, possibly at some time in the future, to discover potentially meaningful information. It requires time, thought, and effort to reasonably narrow the scope of surveillance in advance.
