The question of government surveillance is getting major play now, and we’re forced to examine the protection of privacy in the Constitution. But the basic issue is whether we are now more vulnerable to government abuse. Based on the published Snowden leaks, I think we are, but this can hardly be surprising after 9/11. We were always aware that the Bush2 policy was to expand surveillance into all electronic contacts, both public and private, as necessary to combat terrorism. Ostensively, that is. As we’ve seen many times before, the executive branch often finds reason to consider its own political opponents as “enemies” of the country as a whole, and can hide such activity in the name of “national security”. But that problem will remain even if the we make a new legal definition of the right of privacy. No, the difference today is the increase in the amount of publicly available information about each of us, and the ease with which it can be learned.
Changing the rules is inevitable because of the sheer number of electronic communications that are made each day, all of which are retrievable from the internet and the records of public carriers. As Fareed Zakaria has pointed out, the data is entirely in digital form and is permanently stored in the “digital cloud”. But we should remember that the mere collecting of this data is not an invasion of privacy per se, at least not in the traditional sense. Privacy is only invaded when someone is actively looking for something, and inspects your records or property to find it. That still exists, of course, but the revelations in the leaked information concern this new kind of surveillance. This data is apparently being stored without any intent by a government official to target a particular person. It is contained in all of the electronic communications we make every day. They are permanently stored, and can be accessed by the government, or, for that matter, by anyone else. They are thus a tool for a potentially greater abuse of privacy than anything we have experienced before.
The new rules must be different from the previous ones, which were mainly for pre-selected monitoring of our activities by government agencies. Wiretaps and the like must still be reviewed by impartial judicial officers. They are usually predicated on some evidence of ongoing criminal activity, and this must be sufficient to avoid fourth amendment preclusion. But that was the old game; before the “cloud” became the permanent storehouse of data that used to need a search warrant to access.
Still, although the existence of this stored data is disturbing, the very nature of electronic records allows us to prevent potential abuse by the government in ways that we never could before. This is because it’s not the collection of the personal data – whether phone calls or other records – but how it is accessed and used that matters. This is different from J Edgar’s time, when agents could target “enemies” at will. Now the data is collected robotically, often with no human judgment involved. It’s not the collecting of the data that endangers liberty, but the uncontrolled access to it. Consequently, if we devise rules to keep access under tight control, with the fullest protection of civil liberties, there is much less danger of abuse. It is certainly possible to create software that bars access to any citizen’s personal data unless the user is an authorized person and who, most importantly, states the exact reason to see it. Also, most importantly, that the search itself be recorded. After all, you cannot prevent robotic searches of the data; not in the age of terrorism. But you can require procedural notice to any citizen identified in a search, and that it not become part of any permanent record of that citizen without good reason.
It could work like this: each time a government official has reason to scan and index the data – using a kind of keyword search – an official request needs to be filed that an independent judge would review and approve before any access is granted. Until then, the government would not be able to know the content of the data in any way. While the government would know that there is a repository of our private communications in a specific place, it could not scrutinize any of it secretly. Congress should be able to codify such a system by adopting strict standards for allowing an agency to see the data, and to assure total compliance by having firewalls and safeguards embedded that could immediately cut off any unauthorized attempts to use it.