Carnegie Reporter, Vol. 2, No. 1 | Homeland Security and Privacy Striking a Delicate Balance, page 3 (low bandwidth)

Protecting Against
Abuse and Misuse
Although we cannot always be sure whether or not security measures will keep us safe, we can be certain that there’s a good chance they will be abused and used in ways we never intended. When tavern owners began using bar-coded drivers licenses to keep out underage drinkers, they were surprised—and delighted—to realize that they ended up with a database of names, addresses, ages, even social security numbers that could be exploited for marketing.

Video surveillance has created even more notorious opportunity for abuse ranging from male operators using the system to zoom in on women’s body parts (sometimes preserving an image as a wall poster) to a kind of virtual profiling system with cameras focused on individuals from a particular ethnic group. (Jeffrey Rosen found these misdeeds flourishing under the British surveillance system). Yet, as of this writing, police officers in our nation’s capital have 14 cameras in use that have the ability to link up with and access hundreds of additional cameras in the city’s schools and subways, and at a recent meeting in Washington, D.C., city officials admitted there were no standards in place regarding where the cameras could be installed, who could monitor them or how long the information would be kept on file.

In the private sector, video Peeping Toms have thrived, hiding cameras in dressing rooms, restrooms and bedrooms. The law, as usual, has had to play catch-up. Some egregious violations of privacy, such as secretly videotaping lovemaking, have gone unpunished simply because there was not yet a law that said it was wrong.

We agree to give up our privacy to be more secure, not to assist marketers, entertain bored security guards, or worse. Some of the abuses and misuses of security measures are relatively harmless, some are devastating and many are preventable. There is no reason to set up security systems that practically invite abuse. Safeguards can be built in from the start, through both law and technology.

When privacy issues began to gain attention in areas other than homeland security, they were not only a major consideration in the development of new products, but also became a selling point. For instance, when a supermarket chain’s frequent buyer card was exposed as a means to collect data about shoppers, a rival chain touted its own “privacy friendly” card. When the Internet marketing giant DoubleClick admitted it used “cookies” to amass information on unsuspecting web surfers, it was a disaster for the company and gave bragging rights to competitors who did not “put their hand in the cookie jar.” And recently, Microsoft introduced Palladium, a new system kicking off a mind-boggling long-range plan to change the architecture of personal computers as we know them, in large part to address privacy concerns. When privacy becomes a priority, resources and ingenuity go into creating new possibilities for protection.

There is no reason the same effort and energy cannot be applied to homeland security measures. The NRC’s proposed Homeland Security Institute, or something like it, could harness our best brains and resources to devise measures to keep us safe and protect privacy at the same time. We can also do a better job of protecting privacy in legislation that authorizes intrusive measures. When Congress gives law enforcement new or broader powers to listen in on phone conversations or read e-mail for example, the increased access can be restricted to cases of suspected of terrorism. It can even be stipulated that such access is extraordinary and not to be extended to traditional law enforcement concerns. Any new security measures should also include protection against abuse, backed up by strict sanctions for those who misuse them. If a statute is enacted in an emergency, it should contain a “sunset” clause providing for its expiration at a set time. After rigorous review of how well a law has worked and evaluation of the alternatives, a law may be reinstated.

Congress took some of these steps in October 2001 when it passed the mammoth USA Patriot Act. The Patriot Act gives law enforcement sweeping new powers of surveillance, among them: greater ability to share information among different law enforcement groups; greater authority to use “sneak and peek” warrants to conduct a search without notifying the target (e.g., searching your home when you’re not there); and the new power to obtain information about an individual’s Internet activity simply by “certifying” that the information is “relevant” to an investigation (critics liken this search to demanding that a librarian reveal all the material you perused at your local library).

Congress was able, in just a few weeks, to pass this 342-page law, which amends some 15 statutes because, in essence, the blueprint for it had already been drawn. Law enforcement agencies had been trying to get this kind of authority for years. In the immediate aftermath of September 11th we were willing—eager really—to give the authorities the benefit of the doubt. But now, law enforcement and Congress should do their part to assure us that these were indeed the right steps to take. The new surveillance powers were justified as essential to fight terrorism, but the claim began to lose credibility when, in some instances, such as the “sneak and peek” warrants, the new authority was extended to all criminal investigations. Many of the provisions have a sunset clause of 2005, but the most controversial one, lowering the standard for surveillance of Internet use, does not. All of the provisions should have sunset clauses and Congress, in its oversight role, should make them meaningful.

Next page: Historically, new security measures never turn out to be temporary.

Page 1 | 2 | 3 | 4