This is continuation of discussion with Sunil Abraham and Steve Song. It got a little too long for a comment.
The problems under discussion are difficult. So it’s good that we have an active discussion.
We could have a discussion about all sorts of approaches to privacy. But let’s focus on what the practical problem is. It is not about companies collecting data about their customers. This is something else, that which is most permeated by power. This is at the core of state power. This is about its monopoly on the means of violence. So it is a little difficult to extrapolate from companies collecting data on their customers.
The state will not implement its surveillance policies according to a model that we propose. First, we have to understand what their model is and what the thinking of government functionaries (GFs). Then, perhaps, we can try to gently modify it.
I do not think it’s easy to get in the heads of government people. But having been in government in a terror plagued country, perhaps I have a small advantage.
CYA is the prime directive of all GFs. You have seen the aftermath of any terrorist bombing: the Senate committees, the media outcry, the endless finger pointing. This leads to CYA on steroids in the security sphere.
So what a GF wants is evidence that he/she has taken all possible precautions. Here we’re dealing with pre-event surveillance (a helpful distinction made by Sunil). There is a tendency to conflate pre- and post-event surveillance. Let’s try to avoid that.
There is a tendency also to separate the physical and the virtual worlds. But that distinction has long been obsolete for law-enforcement. They see the physical and virtual as a seamless unity.
The proposal that, somehow, all the reasonable causes will be discovered in the physical world and then selective surveillance would be let loose in the virtual world is naïve. It will be difficult to roll back practices based on the CYA imperative combined with the strength of years-long practice of combining the virtual and physical. And you must remember the convenience factor: compare analyzing mobile TGD or even listening into tapes of conversations with physical surveillance. What would you choose?
The deep interest everyone in counter-terrorism has is preventing terrorist acts, not simply catching the bad guys after the fact. You and I may, in theoretical terms, say that we will choose a small number of casualties and greater liberty over zero casualties and diminished liberty. But no practical politician can say that on the record.
I have not been monitoring Rand Paul’s utterances, but he’s the only one I am willing to concede may say what you say. And he will never get elected to high office as a result. After the bomb goes off, the only correct answer is that one casualty is one too many (I almost feel like I’ve said this myself, will check). So this is the core problem and perhaps the core difference in our views.
GFs/politicians are working on the assumptions that
• one casualty is one too many
• there is no difference between the physical and the virtual
• CYA is the prime directive
Therefore, it is unlikely that we will have a retreat from the monitoring of 100% of metadata of communication.
In my opinion, the US is among the countries that place the weight on the written law. In its perverse way, the use of FISA court orders demonstrates the point. Many other countries do all sorts of things that are completely off the books. Yet, even in the US significant off-the-books, informal surveillance happens all the time. When I was living in the US, Cincinnati Bell employees were caught doing this. Then it was not n=all. Now it appears that some program called Hemisphere has been sucking in large amounts of meta data and using models to associate numbers of “burner phones” used by criminal gangs to actual individuals. The defendants identified by this method were challenging the legality of the “search.” The defense was likely to rest on Smith v Maryland that allowed government to access “pen record” (who called whom) information. The case US v Ortiz was before the US District Court in San Francisco when I was there in January 2014. It will take some time for settled law to emerge.
In another case being heard in SF at the same time, US v Diaz-Rivera, 70,000 calls from 600 phone numbers including the usual time-date information but also information on which direction they hit the BTS were in play. Details are here.
As long as people actively try to disguise who they are (e.g., use burner phones), the police will use counter-measures. If effective counter-measures are not possible within the current laws, the laws will be changed with popular support. When individuals, for whatever reason, try to make fuzzy the relation between a person and a phone number, it is unrealistic to expect the kind of neat division Sunil envisages between the suspect minority (let’s not get hung up on whether it’s 2 or 20 percent, since I did not anchor my original comment on a specific number) and the non-suspect and ought-to-be-surveillance-free majority.
So I do not see much progress of the type that would make us happy on the pre-event surveillance front. On the other hand, Obama is retreating on post-event surveillance of US citizens. But it is an open question whether this will be followed by other countries. It is almost certain that the US will continue to record and store massive amounts of data about non-citizens. Here, Snowden disclosures show it’s not limited to meta data, but also to actual conversations.
The new administration position, supported by Feinstein, is that the government will not warehouse multiple years of telephone TGD (I guess they will find another use for that Utah data center). The companies will hold the data and will yield subsets on basis of court-approved orders. I am not sure this will be seen as a big improvement, but please note that non-US citizens will continue to be fair game. None of the safeguards apply to us. And recall, only the US is having a debate. GCHQ and the Australians and everyone else is keeping quiet.