In response to the uproar created by the Edward Snowden revelations, the White House commissioned five dignitaries to produce a 300-page report, released last December 12. (Official name: Report and Recommendations of The President’s Review Group on Intelligence and Communications Technologies.) I read or skimmed a large minority of it, and I found enough substance to be worthy of a blog post.
Many of the report’s details fall in the buckets of bureaucratic administrivia,* internal information security, or general pabulum. But the commission started with four general principles that I think have great merit.
*One big item — restrict the NSA to foreign intelligence, and split off domestic cyber defense into a separate organization.
The United States Government must protect, at once, two different forms of security: national security and personal privacy.
… It might seem puzzling, or a coincidence of language, that the word “security” embodies such different values. But the etymology of the word solves the puzzle; there is no coincidence here. In Latin, the word “securus” offers the core meanings, which include “free from care, quiet, easy,” and also “tranquil; free from danger, safe.”
Key point: The report rejects any idea that national security concerns should run roughshod over individual liberty.
The central task is one of risk management; multiple risks are involved, and all of them must be considered. …
- Risks to privacy;
- Risks to freedom and civil liberties, on the Internet and elsewhere;
- Risks to our relationships with other nations; and
- Risks to trade and commerce, including international commerce.
… If people are fearful that their conversations are being monitored, expressions of doubt about or opposition to current policies and leaders may be chilled, and the democratic process itself may be compromised.
… These points make it abundantly clear that if officials can acquire information, it does not follow that they should do so.
I am always pleased when policy makers recognize that the key issue is chilling effects upon the exercise of ordinary freedoms; the report made that point multiple times, footnoting both Sonia Sotomayor and the 1970s Church Commission. (Search the document for chill to see where.)
The idea of “balancing” has an important element of truth, but it is also inadequate and misleading.
… The purposes of surveillance must be legitimate. If they are not, no amount of “balancing” can justify surveillance. For this reason, it is exceptionally important to create explicit prohibitions and safeguards, designed to reduce the risk that surveillance will ever be undertaken for illegitimate ends.
Exceptionally important indeed.
The government should base its decisions on a careful analysis of consequences, including both benefits and costs (to the extent feasible).
Government officials, even more than other large-organization employees, have the tendency to avoid job failure at all costs. This goes triple when they work on life-and-death issues. Even so, sometimes security can be pursued with too much vigor, and much of the United States’ post-9/11 history directly bears that out.
And here’s the part I like best of all (emphasis mine):
We recommend that, if the government legally intercepts a communication under section 702 … and if the communication either includes a United States person as a participant or reveals information about a United States person:
(1) any information about that United States person should be purged upon detection unless it either has foreign intelligence value or is necessary to prevent serious harm to others;
(2) any information about the United States person may not be used in evidence in any proceeding against that United States person;
I’ve felt for years that a deciding issue in the preservation of liberty will be what kinds of information are admissible in court, or otherwise may be used to hurt people. All safeguards on data collection and retention notwithstanding, huge datasets will be created and maintained. Continued liberty requires careful limitation of how they may be used against us.
- Why privacy laws should be based on data use more than on data possession (August, 2013)
- A brief history of privacy theory (July, 2013)
- The Obama Administration’s reasonable but inadequate consumer privacy proposals (February, 2012)
- The essential privacy questions our lawmakers must address (July, 2010)