We’re always coming up with new technologies that affect privacy and surveillance. We’ve seen court cases over infrared heat detectors seeing people move inside a house. We’ve seen parabolic microphones and lasers that can measure the vibration of the windows from the sound in a room. We’ve seen massive computers that can scan a billion emails in a short time, and estimates of speech recognition tools that can listen to millions of phone calls.
Today we’re seeing massive amounts of outsourced computing. People are doing their web searching, E-mails and more using the servers of third party companies, like Google, Yahoo and Microsoft.
Each new technology makes us wonder how it can or should be used. The courts have set a standard of a “resonable expectation of privacy” to decide if the 4th amendment applies. You don’t have it walking down the street. You do have it in your house. You don’t have it on records you hand over to 3rd parties to keep, or generate with those 3rd parties in the first place.
But I fear that as the pace of change accelerates, we’ve picked the wrong default. Right now, the spooks and police feel their job is to see how close to the 4th amendment and statutory lines they can slice. Each new technology is seen as an opportunity for more surveillance ability, in many cases a way to get information that could not be gotten before either due to scalability, or the rules. Right now, when technology changes the rules, most of the time the result is to lessen privacy. Only very rarely, and with deliberate effort (ie. the default encryption in Skype) are we getting the more desireable converse. Indeed, when it looks like we might get more privacy, various forces try to fight it, with things like the encryption export controls, and the clipper chip, and manadatory records retention rules in Europe.
I think we need a different default. I think we need to start saying, “When a new technology changes the privacy equation, let’s start by assuming it should make things more protected, until we’ve had a chance to sit down and look at it.”
Today, the new tech comes along, privacy gets invaded, and then society finally looks at the technology and decides to write the rules to set the privacy balance. Sometimes that comes from legislatures (for example the ECPA) and more often from courts. These new rules will say to the spooks and LEOs, “Hold on a minute, don’t go hog wild with this technology.”
We must reverse this. Let the new technologies come, and let them not be a way to peform new surveillance. Instead, let the watchers come to the people, or the courts and say, “Wow, we could really do our jobs a lot better if we could only look through walls, or scan all the e-mails, or data mine the web searches.” Then let the legislatures and the courts answer that request.
Sometimes they will say, “But our new spy-tech is classified. We can’t ask for permission to use it in public.” My reaction is that this is tough luck, but at the very least there should be a review process in the classified world to follow the same principles. Perhaps you can’t tell the public your satellites can watch them in their backyards, but you should not be able to do so until at least a secret court or legislative committee, charged with protecting the rights of the public, says you can do so.
If we don’t set such a rule, then forever we will be spied upon by technologies society has not yet comes to grips with — because the spooks of course already have.