At a recent computer security and privacy conference here in Washington, Judge Richard Posner made headlines when he announced that privacy was “overrated” and existed mainly for the purposes of protecting criminals. According to published sources, Posner stated:

“Much of what passes for the name of privacy is really just trying to conceal the disreputable parts of your conduct,” Posner added. “Privacy is mainly about trying to improve your social and business opportunities by concealing the sorts of bad activities that would cause other people not to want to deal with you.”

Congress should limit the NSA’s use of the data it collects—for example, not giving information about minor crimes to law enforcement agencies—but it shouldn’t limit what information the NSA sweeps up and searches, Posner said. “If the NSA wants to vacuum all the trillions of bits of information that are crawling through the electronic worldwide networks, I think that’s fine,” he said.

In the name of national security, U.S. lawmakers should give the NSA “carte blanche,” Posner added. “Privacy interests should really have very little weight when you’re talking about national security,” he said. “The world is in an extremely turbulent state—very dangerous.”

Posner criticized mobile OS companies for enabling end-to-end encryption in their newest software. “I’m shocked at the thought that a company would be permitted to manufacture an electronic product that the government would not be able to search,” he said.

This observation about the lack of privacy (or more accurately, the lack of even the concept of privacy) comes at the same time that Internet activists have published the name, address and other information about the woman quoted in the UVA on-campus rape story, and hackers have published the names, addresses, social security numbers and other personal information about SONY employees and executives. In Posner’s world, this would be copacetic, since people shouldn’t expect things to be private. There is no real expectation of privacy, according to Posner.

I do not think that word means what you think it means.

This is another salvo in the “nothing to hide” crowd.  If you have nothing to hide, why should you care if the government (or for that matter, anyone else) can read your mail, listen to your calls, monitor your movements, etc.  I mean, for most people, it’s all boring stuff.

The problem is, we all have things to hide.  Not nefarious bit actual skeletons in our closet, but little virtual skeletons.  Things that are simply nobody’s business.  You know, like the kind of things that are filmed all the time on reality TV.  The fact that we really don’t like Grandma’s dessert, but were just saying that to be polite.  Or the fact that we think that Aunt Cassie needs to drop a pound or twenty.  Or that we secretly voted for a Libertarian candidate – I mean, it’s a secret ballot, right?

The Fourth Amendment recognizes this fact, stating that the RIGHT of people to be secure in their persons, places, houses and effects against unreasonable searches and seizures should not be infringed.  This comes from a long history of [British] government raids into Colonists homes – almost all of them in the name of “national security” – by that I mean, collection of revenue.

To create a broad “national security” exception to the conception of privacy would be to destroy the concept entirely.  The Supreme Court has said that the Fourth Amendment only protects those “reasonable expectations” of privacy – the user has to both have a subjective expectation of privacy, and that expectation must be objectively reasonable.  Under Posner’s argument, privacy is only for those engaged in disreputable conduct, trying to conceal it.  Thus, it would fail the “reasonableness” test.

This has profound consequences.  It doesn’t just mean that the NSA can collect telephone metadata.  It means that they can install cameras in your home (no need, Apple, Samsung, and Motorola have done that already).  As the barriers to collection and analysis decline, we can monitor almost all things about almost all people (except the truly bad guys who conceal their activities) almost all the time.

The government can track your kids movements on their way to and in school, know what foods you are eating (and where and when) and monitor your exercise through your FitBit, your reading through Amazon or Google, and friends through just about any social networking app.

But you’ve got nothing to hide, and therefore no expectation of privacy.

This is not only bad news for the privacy community, but also for the security community.  If privacy has no value, why protect it?  And breaches of privacy are no longer actionable, because privacy is only for people trying to conceal disreputable conduct.

It also means that we publish the names and addresses and phone numbers of crime victims (including rape victims), because, what do they have to hide?  It means that ANYONE can log in and find the location of anyone else at any time, ‘cause again, it’s public information, right?  And anyone can listen in to anyone else’s telephone calls or read their email.  Make everything one big party line.  That is, if the party is the Communist party of North Korea.

That’s what Judge Posner doesn’t get.  Privacy is for everyone.  In fact, it’s more important for the person who has nothing to hide than the one who does.  For the criminal, the government can, with probable cause and a warrant, overcome the expectation of privacy.

That’s what a “reasonable” warrant means.  Or, in the case of national security, if the government can show a compelling state interest and a FISA warrant, again, they can get the data.  The fact that the government can get the data does not mean that privacy is dead or diminished.  It means that it is protected, and that getting the data only occurs when there’s a warrant.

Judge Posner’s view may be the majority in the federal judiciary.  And that’s frightening.  Judges are asked all the time to sign warrants to allow cops to search and do all kinds of things.  And when they are asked to do this, the only people present are the cops and the prosecutors.  Given the low regard they may hold privacy in, it’s no wonder that they don’t see any problem issuing broad warrants.

All Writs

One area in which federal judges have been giving cops and prosecutors wide authority relates to an old statute call the “All Writs Act.”  The statute, 28 USC 1651 is very simple. It provides that federal courts have the authority to “issue all writs necessary or appropriate in aid of their respective jurisdictions and agreeable to the usages and principles of law.”

So there’s no explicit statute that permits the police to “sneak and peek” in someone’s trunk.  As for a writ.  No statute authorizing the use of some new techno-surveillance device (say x-ray specs?).  Get an order under the All Writs Act.  It’s the legal garbage can allowing a Court to issue orders.  Want permission to install a back door program, a key logger, a virus, a remote access program?  All writs is your game.

It has recently been reported in both the WSJ and Ars Technica that the police have been using the All Writs Act to compel smartphone manufacturers to unlock devices.  Apparently federal magistrates in New York City and Oakland California have relied on the Act to issue orders to compel companies like Apple to unlock phones seized by law enforcement.

No duh.  What else would they rely on?

Let’s get this straight.  The cops have a seized phone.  They have probable cause to believe there is evidence relevant to a crime on the phone.  And most importantly, they have a warrant to search the phone.  What they don’t have is the ability to unlock the phone.  In this case, the order compelling the unlock to Apple is clearly a “writ” “necessary or appropriate in aid of” the court’s other order – the search warrant.  It’s hardly controversial.

What IS controversial, however is the extent to which general writs like those issued under the All Writs Act can be used to generate policy generally.  For example, under the Communications Assistance to Law Enforcement Act (CALEA) the government can compel telcos to design their digital systems to be “tapable” by law enforcement (at the government’s cost.)

In theory, the government could have just used a writ under the All Writs Act.  Same true if the government wants to interconnect all closed circuit cameras in Los Angeles County to a centralized police monitoring station.  In theory, such a compulsion could be ordered under the All Writs Act.  But it wouldn’t.

The U.S. Supreme Court has held that the All Writs Act can only be used in furtherance of something that is already lawful – it can’t be used to bypass other laws or the Constitution.  If a statute or regulation sets out a procedure for doing something, you can’t bypass that procedure with a general writ.

In addition, the writ is intended to extent the Court’s authority to compelling parties to do something in aid of the Court’s jurisdiction.  Key word here is “something” not “everything.”  Thus, the assistance the court can compel under the act cannot be “unreasonably burdensome” to the party being compelled.

So the Court can compel a telco engineer to place the alligator clips in the right place to do a wiretap (in fact, the wiretap law already compels a certain degree of technical assistance), but cannot compel the telco to rewire a switch.  If the government wants to monitor a Facebook chat in real time, and Facebook has that capability, then they can do it.  If Facebook doesn’t have that capability, they can’t use the Act to compel Facebook to create that capability.

Similarly, the Court could order an ISP under the All Writs Act to retain the records relating to an account or IP address for a longer period than the ISP’s normal retention schedule.  But it could not compel the ISP to retain ALL records for a longer period.  That would be unreasonably burdensome.

It’s hardly novel that the government would seek the ISP’s assistance in unlocking a locked phone.  Hell, if I lost my iOS 7 phone’s password, I might ask Apple to unlock my phone as well.  Whether they would/could do it depends on what’s involved.  The more burdensome it is, the less likely it could be compelled under the Act.

In fact, it was because the government was routinely (or somewhat routinely) asking companies like Apple and Google to unlock seized phones that these companies have decided to not be in the phone unlocking business.

The new OS’s for both Android and Apple give the consumer the control over the locking of the phone – not Apple and Google, and therefore by proxy, not the FBI or NSA.  Naturally, the government has cried foul.

The All Writs act is a powerful tool the government can use to, for example, compel OnStar to turn on the GPS tracking or the cell phone in a car.  It can’t be used to compel OnStar to build a device for tracking cars.

Judge Posner is right that bad guys and people with something to hide want privacy.  So do I.  Does that make me a bad guy with something to hide?  Probably.  At least to the NSA.  But I wouldn’t want to be someone with nothing to hide.  Those people are boring.  And transparent.

Leave a Reply