Yesterday the Senate had two votes related to the Foreign Intelligence Surveillance Act and President Bush devoted a portion of his State of the Union Address to a call for an extension of his surveillance authority and for immunity for telecommunications companies who cooperated with his administration in surveillance operations. But questions surrounding surveillance are far more pervasive than even this controversy suggests. No Comment puts six questions to Christopher Slobogin, a law professor at the University of Florida widely regarded for his work in the area. Professor Slobogin’s new book, Privacy at Risk: The New Government Surveillance and the Fourth Amendment, has just been published by the University of Chicago Press.
1. As you note, we are on the threshold of a new kind of surveillance culture, pushed at least in part by technological breakthroughs that make widespread surveillance much easier than at any time in our history. I was amazed listening to a presentation by British counterterrorism authorities last summer in which they described how they approached investigating an incident–their footwork was made much easier by the fact that all of central London is covered by CCTV, so they were able to trace the perpetrators back many steps by quickly referring to tapes from many different locations and watching the suspects’ movements. In Britain this seems to have transpired without very effective opposition from civil liberties organizations, and it seems to be broadly accepted, notwithstanding its Orwellian connotations. It may be a demonstration of the thesis that Hamilton put forward in the Federalist No. 8, namely that a society will always accept curtailment of its liberties as it perceives its security is at risk. But jumping over the Atlantic to a country with a stronger civil liberties foundation, the United States, what are the prospects you see, practically speaking, for the United States following the British model and moving to a widespread public system of CCTV monitoring in major urban areas? What obstacles do you see in the way?
As I point out in Privacy at Risk, we are well on our way to a CCTV system like the one the U.K has, and perhaps one that is even more pervasive. Since 9/11, the federal government has poured millions into CCTV, with the result that cities like Chicago have hundreds of overt and covert cameras, equipped with zoom capacity and nightvision, all of it digitized so it can be easily transmitted to appropriately equipped squad cars. Most city governments seem quite eager to set up such systems, as long as the federal government provides the money. The reasoning behind these steps is simple: cameras appear to deter and prevent crime, so why not?
The analysis isn’t that simple, however. According to research here and in the U.K., cameras only reduce crime a small amount, around 5%. Oakland removed its cameras because they were so ineffective and costly, Washington, D.C.’s multi-million dollar camera system has helped police solve only a couple of crimes since 2001 (none of them serious), and in London property crime has increased significantly since the advent of cameras. Why this trivial effect? Even with high definition cameras, operators have difficulty seeing whether crime is occurring and who is committing it. Cameras can’t cover every nook and cranny. Criminals know how to operate without revealing their identities. And finally, to the extent crime is reduced in one area, it often simply moves to an area with no cameras.
Research from the U.K. suggests that hiring more cops is probably less expensive and more efficient than cameras. This is not to deny that cameras can be helpful in many instances, especially inside stores and public buildings. They also were apparently very useful in solving the London bombing. But it took two weeks to trace the bombers using London’s camera system. Traditional forensic work, using clues from the bomb scenes, might have been just as efficient. And in the meantime, cameras can be used inappropriately–to monitor innocent but embarrassing activity (such as visiting psychiatrists, lovers or liquor stores), to harass minority groups, and even as a basis for voyeuristic TV shows, all of which has occurred in Great Britain. My research indicates that while people see CCTV as relatively innocuous in the abstract, when they realize recordings are kept they change their minds. Even when recordings are preserved for only 96 hours, people view CCTV to be more intrusive than police roadblocks (which are regulated under U.S. law), and if the recording is permanent they view it to be almost as intrusive as a search of a bedroom.
2. The question of review standards for the approval of surveillance sits at the heart of your book. You advocate a “sliding scale” approach in which the more sweeping and intrusive the surveillance, the greater the burden on the government to justify it. The alternate approach is the old “probable cause” standard. But while weighing in for the “sliding scale,” you echo Tony Amsterdam’s warning that it will be far more complex–as he says, “one immense Rohrschach blot.” Of course, logic usually favors the elegance of simplicity. Why are you prepared to go the “Rohrschach” route?
Even current law recognizes more than one standard: Below probable cause (equivalent to something like a more-likely-than-not standard) there is reasonable suspicion, for instance. But it is true that the Supreme Court and many commentators believe that adherence to a single standard of probable cause is generally a good idea, in part because it’s easier to apply and in part because of a belief (at least on the part of many commentators, if not the Court) that recognizing other standards will water down constitutional protection. Yet adhering to such a tough standard puts incredible pressure on the courts to require it only in narrow situations, thus leaving most police investigative actions completely unregulated. That is what has happened with CCTV, subpoenas for records, data mining of our personal records and a host of other situations. As I document in Privacy at Risk, all of these government actions are unregulated by the Constitution because if they were regulated the government would have to demonstrate probable cause to carry them out, which it will often be unable to do, to the obvious detriment of law enforcement. If instead the government only needed to demonstrate reasonable suspicion or some lesser standard for actions that are relatively less intrusive, CCTV, subpoenas and data mining–which are usually less intrusive actions than interceptions of phone calls or searches of bedrooms, the paradigmatic probable cause scenarios–could be subject to regulation and still take place. In other words, a sliding scale approach prevents low level surveillance at the government’s whim, but permits such surveillance short of probable cause.
3. You avoid discussion of the current national security driven debate focusing on the Foreign Intelligence Surveillance Act. It would appear to present an extreme test for the “sliding scale” in that it would concern communications involving just about everybody. But the government’s claim of danger is also extreme. Spin this out for us. How would you counsel a FISA Court judge to apply the “sliding scale” approach in dealing with a request to approve a sweeping data mining program put forward by the government?
Our communications express our intimate views and deserve the greatest privacy protection. Even if a conversation involves a U.S. citizen and someone overseas, I would require probable cause before the government could intercept it, just as with domestic surveillance. If instead the government is trying to access phone or email records of “envelope information”–phone numbers dialed or email addresses accessed–a sliding scale approach might not require as much suspicion because the intrusion is not as great. Original reports stated that the National Security Agency’s post-9/11 surveillance effort only involved the latter type of program, but more recent reports suggest that AT&T and other telecoms were funneling the content of communications as well as envelope information to the National Security Agency, an action which should have required probable cause.
Efforts to fight terrorism are important. But an inchoate fear of terrorism should not trump all other considerations. In Privacy at Risk, I recognize an exception to the justification levels I just described when the government can demonstrate concrete, significant and imminent danger. But the mere assertion that massive surveillance is necessary because of a vague, general threat of terrorism is not sufficient. That kind of reasoning is a recipe for ditching the Constitution, giving the government carte blanche to intrude into our lives, and vastly expanding government officials’ opportunities to pursue personal vendettas and give in to their biases. And the harm is not just revelation of embarrassing, personal information. Already, scores of people have been detained as “material witnesses” and thousands of people questioned and stigmatized based on extremely flimsy evidence, actions which massive surveillance has and would continue to exacerbate.
4. The most emotional question to be raised in this area is probably the Bush Administration’s proposal to grant telecommunications companies and internet service providers retroactive immunity for their collaboration with the NSA and potentially other agencies in “data mining” activities. First, what does it say about the effectiveness of FISA that the Administration was able to secure the cooperation of the telecoms other than Qwest, it appears in a scheme that did not have the FISA court’s blessing? Second, the Bush Administration is arguing that the telecoms’ future cooperation hinges on the grant of retroactive immunity. Does that strike you as a plausible argument? How do you come out on the question of retroactive immunity?
I could see granting retroactive immunity to the telecoms, but not, as proposed in the current bill, prospective immunity. The telecoms were faced with a government demand for information at a time when the law was somewhat ambiguous and the panic about terrorism at its height. Qwest acted correctly but the others acted understandably. From now on, however, the telecoms should demand a court order, based, as I suggested above, on some sort of articulable suspicion if domestic phone or email records are sought and on probable cause if obtaining the content of our communications are the objective.
Lost in this debate is the fact that the government may have acted
illegally. Regardless of how the corporate liability issue is handled,
I don’t think the government should be retroactively immune for its
5. Do you feel that the FISA amendments hammered through last year that the Democratic leadership is now seeking to extend sufficiently address the technological side of the surveillance issues? What do you see as the major still open questions?
The original Protect America Act, still the law at this point in time, leaves the FISA court entirely out of the picture; interception of communications overseas can take place on the sayso of the Attorney General and the Director of National Intelligence, if acquisition of foreign intelligence information is “a significant purpose” of the surveillance. That approach is clearly unsatisfactory, since both of those individuals are beholden to the President and are members of the executive branch, and because the “significant purpose” language only requires government officials to want foreign intelligence (which presumably is a constant), not demonstrate they’re likely to obtain it through the proposed surveillance. An alternative version of the Act which would have the FISA court approve interceptions en masse is not much better. Many of us make calls to and receive calls from foreign countries. That fact should not, by itself, justify government eavesdropping on our conversations.
6. My questions here have focused on surveillance practiced by the government and the effectiveness of legal restrictions imposed on it. But the rapid spread of new technologies and the reduction of cost associated with them means that nongovernmental actors will certainly also be drawing on them–and indeed we see that daily on the internet, as software moves into new hosts and tracks the habits and preferences of users, in theory to “help” them of course, but potentially for intrusive and not-so-helpful purposes. Has the legal community failed to keep up with all of this? Is new legislation needed to keep it under control? Is there one particular development on the horizon today that troubles you?
The simple principle endorsed by international privacy conventions and recommended by many American commentators is that information accumulated for one purpose should not be used for another purpose unless the subject of the information provides knowing consent. U.S. legislation that incorporated that notion would be useful. One gets the sense that some commercial data brokers and Internet companies want to collect everything about everyone, preferably surreptitiously, and then sell what they know to any and all comers who have the money. This type of aggregated-information market allows companies to create what some have called “personality mosaics” or “digital dossiers” without our consent. Strangers, employers and acquaintances alike can have access to anything in record form–information that can reveal our financial and medical status and our buying, traveling, working, voting, and dating behaviors–at the touch of a button. I think most people, even those who like to expose themselves on Facebook, would not approve of such a practice.
Christopher Slobogin’s Privacy at Risk can be purchased at your local bookstore, or ordered online here.