I have already written about how a federal judge in New York ruled that the NSA’s collection of the telephone toll records on every call made is constitutional because, the court opined, all of these records could become relevant in a terrorism case. If any relevant document exists, all documents helpful in finding that document are then relevant, according to the Court.
However, the Court went on to reject other claims of the ACLU, the most significant of which was the data “quantity” vs. “quality” argument. The ACLU had argued that the collection of every record of every telephone call made by every person was substantially different than the collection of a few days of telephone calls made by a specific individual, which the Supreme Court approved in Smith v. Maryland.
Big data reveals patterns and information not obvious. Just because a person has no “reasonable expectation of privacy” in the fact that they have crossed the street at Broadway and 43rd Streets, does not mean that you now have carte blanche to follow them everywhere they go for the rest of their lives. Or so the ACLU argued. The federal court disagreed.
In fact, the New York court found that the narrow, targeted and well-defined subpoena that the government issued to the Maryland phone company to get the records of a specific individual (Smith) to trace his threatening and intimidating calls to a single phone number associated with the person he forcibly robbed was more of an infringement of privacy than permitting the government to obtain the records of every call everyone makes every day, with no suspicion that they are engaging in any unlawful activity.
The Court noted that “the privacy concerns at stake in Smith were far more individualized than those raised by the ACLU. Smith involved the investigation of a single crime and the collection of telephone call detail records collected by the telephone company at its central office, examined by the police, and related to the target of their investigation, a person identified previously by law enforcement.”
Thus, the court inferred, the narrow subpoena was a greater infringement of privacy than the expansive one, and if the Supreme Court permitted the narrow subpoena, then clearly the expansive (and less invasive?) one is Constitutional.
The New York court went on to note that there are lots of records the NSA could get in bulk with a simple subpoena or other legal process, because Courts have found that people have “no constitutionally protected expectation of privacy” in these records. This includes accounting records, Internet subscriber information, information from a home computer that is transmitted over the Internet or by email, information provided to a Facebook “friend.”
The Court makes several mistakes – some of Constitutional proportions – in its privacy analysis.
Quantity/Quality
The Court assumes that a targeted subpoena for records infringes privacy interests more than a broad sweep. Sometimes yes, but usually no. Clearly there is a huge difference between the government monitoring traffic on the Long Island Expressway (broad but not invasive) and monitoring my individual whereabouts (narrow and invasive). But this analysis does not take into account the fact that the bulk-data collection program (and its likey progeny) will be both broad and invasive. While the court notes that the NSA has eschewed specific kinds of data mining of its call log data, the mere fact that it can engage in such mining is an infringement on privacy and liberty, and chills free speech and other protected rights.
Call log analytics can and does reveal the nature of relationships between parties, the content of their communicaitons, and other intimate details. When a Missouri prosecutor subpoenaed the records of a motel near an abortion clinic in a state that had a 2 day waiting period, he was really looking for records of medical diagnosis and treatment.
Subpoenaing the phone records of a criminal defense lawyer to determine not only the names of his clients, but also the names of witnesses interviewed, the identity of experts to be called, and other privileged information. If a criminal defense lawyer were to subpoena the cell phone records of the prosectutor, the agents and the cops in order to find out what witnesses were (and were not) interviewed by the police, do you think the government would argue that these “third party” records did not belong to the prosecutors, or that they had “no expectation of privacy” in these records? I think not.
The problem is exacerbated by volume. The more records that are collected, the greater the invasion of privacy. It is fundamentally different to know who SOMEONE calls for a discrete period of time than to know everyone they have ever called, and even more so to know everyone everybody has ever called. It is simply inaccurate to state, as the Court did, that the privacy concerns are greater in the narrow subpoena.
There is another problem not addressed by the Court. The fact is, we “expose” much more information to the “public” in 2014 than we ever did in 1989. We walk around with devices that collect and share information about our whereabouts, movements, sounds, preferences, purchases, relationships, associations, and communicaitons. Much of this information is collected by third parties or shared with third parties incidental to its use. Indeed, hardly anything we do is not, in some way recorded and shared. Even things we type and don’t send are recorded and shared with third parties (see, Facebook class action lawsuit).
If you watch a movie – there’s a third party record. Listen to a song – third party record. Work out at home – third party record. Read a book – third party record. Change the channel on the TV? Third party record. Fast forward through a commercial. There’s a record of that too. Not only is there a third party record of everything you purchase (by credit or debit card), but even when and where you bought it, and what you were wearing when you did (video surveilleance).
With the Internet of Everything, we will be exposing even more. We will be constantly under surveillanec by a host of sensors which will record what we eat, whether we exercize, where we are and what we are doing (and with whom).
Even the data that was previously being collected (like phone call records) can be sliced and diced in ways unimaginable in 1999. It’s one thing to try to find out who is calling whom, but we now have the ability to infer (with great accuracy) a persons’ religious affilliations, political affilliations, medical and employment conditions, where they went to school, who they keep in touch with, and other intimate content information from just analyzing their call patterns.
With big data comes big responsibilities. Massive changes in quantity and analytics creates a new paradigm. We cannot ignore the privacy implications. We have to address them.