Retaining Privacy for Ordinary Citizens

By John Palfrey

Posted on November 4, 2010

Early this week the Harvard National Security Journal published a forum on Concerns about Wiretapping the Internet. Professor John Palfrey participated in the discussion with a post that addressed meeting law enforcement surveillance needs while respecting the privacy interests of ordinary citizens. The following is Professor Palfrey’s entire post, re-published with permission from the author and the Co-Editor-in-Chief of the Harvard National Security Journal.

There is no doubt but that law enforcement officials need the means to track activities mediated through digital technologies. We carry out more and more of our lives through the Internet, mobile devices, and related technologies. Our lives are fast-becoming hybrid experiences, lived partly in physical space and partly in virtual environments. It would be a terrible mistake not to enable our law enforcement authorities to use the information that they can obtain from these communications methods to prevent a terrorist act or to bring a criminal to justice.

Terrorism is among the chief justifications for limitation of speech online and otherwise throughout societies. While we celebrate the ways in which information and communications technologies, whether digital or not, are useful to those who would bring democracy about around the world, it is equally important to realize that the very same tools can be useful to those who would harm other people. Digital communications tools are neutral technologies, useful for the activist, useful for the state, and useful for the terrorist.

But we need to focus, too, on the ordinary citizen and her daily life. We need to invest just as much effort in the task of ensuring that we protect civil liberties over the long-term as we are in building increasingly sophisticated surveillance tools into digital networks. Part of what makes digital modes of communication sustainable in the long run is the presence of a mix of environments, some private and some public. The distinctions between the public and the private online are increasingly blurred. We need to ensure that they do not blend into one another completely, or, worse, make the entire space completely public and discoverable in nature.

The way that an ordinary person can navigate a life that is partially digitally-mediated is to establish mechanisms for reasonably private communications in addition to obviously public activities online. Someone who chooses to write a blog under her real name, open a Twitter account on the public web, or participate in mobile geolocation services like FourSquare is plainly making a choice to share some of her life with everyone else in the world, potentially for eternity. She should recognize this fact and appreciate its significance. At the same time, she should be able to establish a means of communicating privately with her close friends or business associates by sending them an encrypted email, using an encrypted BlackBerry service, or sending a private message over a social network.

The ability of a citizen to create and maintain these separate spheres of public and private should not become an impossibility. We should not let privacy become a luxury that only the extraordinarily sophisticated or wealthy can enjoy. We should not force citizens of democracies to choose a life that is solely an offline existence in order to enjoy private spheres of life. We may need to add new substantive legal protections over time to ensure that this is possible.

The Internet is a surveillance-ready technology. Surveillance systems penetrate every aspect of life, especially in the digital environment. As a global society, we are implicitly consenting to the greatest invasion of personal privacy in the history of mankind. We may choose this path, but we should do so in the full knowledge of what we are giving up, today and, in some respects, for all time.

Nearly everything that we do through digitally-mediated technologies can be tracked and traced by law enforcement officials – as well as private parties. Once recorded, these communications can be ignored for the present but preserved and reviewed long after the fact, stored in increasingly inexpensive data farms. These communications can, in turn, be mapped back to individuals, their correspondents, the time and context of the communications, and the specific details of the interaction. Through technologies, these communications can be combined with other information to establish rich portraits of individuals and their activities over time. The sophistication that is possible through modern methods of surveillance make the surveillance practices of the past seem quaint.

If a state needs to track the activity of a suspected terrorist or other criminal, there are plenty of ways today to obtain information about them, including their online activities. Even communications that are encrypted end-to-end can be obtained by going to either the source or the recipient and obtaining the plain text that resides on one or both devices. In the United States, the Communications Assistance to Law Enforcement Act already requires that most telecommunications systems are “wiretap ready.” If we need to provide law enforcement more resources to use the tools and the processes that they have today to keep us safe, then we should do so. But any new proposal for additional online surveillance capacities should be balanced with equally strong provisions to protect the privacy interests of ordinary citizens, for whom privacy is becoming an increasingly scarce experience.

To read the full forum discussion, see Concerns about Wiretapping the Internet on the Harvard National Security Journal web site.


About the Author

Recent TAP Bloggers