Surveillance as Security: Cost/Benefit

Amit Shah
Nov 18, 2016

The following article was developed by Green Comma as a discussion resource for use in grades 9–12 classrooms as well as in freshmen college classrooms. The principal writer is Douglas Houston, a lawyer living in Cambridge, MA, who frequently collaborates with Green Comma’s managing director, Amit Shah.

All opinions are the writers’ own.

Attribution-NonCommercial
CC BY-NC

This license lets others remix, tweak, and build upon your work non-commercially, and although their new works must also acknowledge you and be non-commercial, they don’t have to license their derivative works on the same terms.

____________________________

Every time we use Google as a search engine, go through a toll plaza on the highway, stream music online, use the map feature on our phones, shop using a credit card, or post on social media, we are sharing data about ourselves with interested groups who want to either sell products to us based on our behaviors and preferences or track our activities.

Security versus Privacy

With the ubiquity of data collection in our daily lives, it is important for us to understand the cost-benefit of this transformational science.

In the recent U.S. presidential election, we were bombarded by polls, which are data collections of individuals’ opinions and preferences on a variety of issues. We saw the failure of such data collection, not always because the algorithms were faulty, but because projections of voter behavior were frequently made on data that was not complete. Many voters who were being polled did not provide reliable data.

One of the largest and by far the most debated data collection is for national security to weed out threats of terrorism at home and abroad. We will focus our discussion on this area where the commonly understood means of protecting one’s privacy are fast becoming obsolete as the need for information to secure our well-being grows.

Threats to National Security: Historical Perspective

There have been threats to our national security throughout our history. In the late nineteenth century the United States labor movement occasionally resorted to violence. (The Great Railroad Strike of 1877, the Haymarket Affair of 1886, and the Homestead Strike of 1892, among others.) The anarchist movement of the early twentieth century spawned its own homegrown terrorists: Luigi Galleani advocated violence and was rumored to be responsible for the 1920 Wall Street bombing, which killed 38 people. Sacco and Vanzetti, two anarchists, killed two men while robbing a shoe factory in South Braintree, Massachusetts in 1920. Their conviction spurred another anarchist, Severino Di Giovanni, to bomb the American Embassy in Buenos Aires.

And during those periods of “terrorism” in the United States, there were complaints of governmental overreach. Many felt that Sacco and Vanzetti had been unfairly tried, and certainly labor advocates felt the government was trying to crush the workers’ movement, which had legitimate concerns about safety and wages.

The latter half of the twentieth century had the Black nationalist movements, most widely known through the Black Panther Party, and a section of the antiwar movement against the Vietnam War, the most violent of which was the Weather Underground. While the violence committed by the Black Panther Party was negligible, the Weather Underground actually declared war on the United States government on May 21, 1970 and committed several bombings, including the March 1, 1971 Capitol bombing, the May 19, 1972 Pentagon bombing, and the January 29, 1975 Department of State bombing.

Again the government’s response was criticized after it was learned how aggressive it had been. J. Edgar Hoover, head of the FBI, called the Black Panther Party the “greatest threat to the internal security of the country” and instituted a covert program to infiltrate them, “Cointelpro.” As is too often the case, the authorities lost focus and cast too wide a net, collecting data and targeting groups like the Southern Christian Leadership Conference and the Student Nonviolent Coordinating Committee, as well as leaders of nonviolent protest such as Martin Luther King, Jr. The excesses of the FBI’s reaction are chronicled in the Church Committee Report, the 1975 report of the U.S. Senate Select Committee to Study Government Operations with Respect to Intelligence Activities.

During this same period white supremacists burned down churches in the South. Right to Life advocates bombed several abortion clinics and targeted doctors who performed abortions. And on April 26, 1995 two lone terrorists bombed the Alfred P. Murrah Federal Building in Oklahoma City killing 168 people. There have been bombings and terrorist acts throughout our history, and consequently there have been police and intelligence gathering to combat such threats.

Where We Are Today: the Patriot Act

Our current security issue did not start on September 11, 2001. Prior to the Oklahoma City bombing, on February 26, 1993 Ramzi Yousef, a member of al-Qaeda, led a group that detonated a bomb in the basement of the World Trade Center in New York City, meant to collapse the building. It failed, but killed six people and injured more than a thousand. On September 11, 2001 four passenger airliners were hijacked by al-Qaeda members. Two crashed into the World Trade Towers, one crashed into the Pentagon, and one crashed in a field in Pennsylvania, killing a total of 2,996 and injuring over 6,000. In the same month, but almost certainly not connected to al-Qaeda, the United States suffered a biological attack by anthrax, which killed five, infected 17 others, frightened millions and disrupted the US Postal Service for months, among other agencies. The result was the “USA Patriot Act,” which provided for increased security measures including data collection on a grand scale.

Signed into law on October 26, 2001, a little over a month after 9/11, its name is an acronym for “Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001.” Its very title refers to intercepting information. The Patriot Act was passed by a vast majority of legislators, 357 to 66 in the House and 98 to 1 in the Senate.

Government Surveillance: Title II, Section 215

Title II of the Act contains the most controversial sections, amending the 1978 Foreign Intelligence Surveillance Act (FISA) and the 1986 Electronic Communications Privacy Act, expanding the government’s authority to intercept electronic communications. Section 215 of Title II, the “library records” provision, provides for the collection of personal data.

The U.S. has for years intercepted overseas electronic data without requiring warrants. The Church Committee, mentioned above, sought through the 1978 Foreign Intelligence Surveillance Act to rein in excessive intelligence gathering both overseas and domestic, establishing a special court, the FISA Court, to review government requests for electronic surveillance. Before the Patriot Act, the FBI could petition the FISA Court to order common carriers to provide business records pertaining to a foreign power. Section 215 enlarged business records to any records from any business, not just common carriers, while maintaining its limit “. . . to obtain foreign intelligence information not concerning a United States person . . .” (50 USC § 1861 (a)(1))

Seeds, Hops, and the Leak

Under Section 215, the government began in May 2006 collecting telephone metadata in bulk, which includes routing information, date and time of call, number called, and duration of call. The government could focus on one phone number, the “seed” number, and then collect metadata on all calls connected to that “seed” number. Those numbers are products of the first “hop”. The government was authorized to conduct two more hops, collecting all the metadata connected to the numbers produced in the first hop; all the metadata connected to the numbers collected from the second hop; and all the metadata from the numbers collected from the third hop. This metadata collection does not include any content of the calls. The original order, which is good for 90 days, keeps getting renewed, and the data is kept for five years by the National Security Agency (NSA).

On June 6, 2013 the English newspaper, The Guardian, published a copy of the FISA Court order, stolen by an NSA contractor, Edward Snowden. The Obama administration, as a result of the public outcry over the amount of data being collected and the certainty that the data was on and about US citizens, established the Privacy and Civil Liberties Oversight Board (PCLOB) and the President’s Review Group. The result was limiting the NSA’s collection to two hops, and requiring a FISA judge to establish that a reasonable suspicion has been established before a first “seed” number can be searched. On May 7, 2015 the Court of Appeals for the Second Circuit in ACLU v. Clapper held that Section 215 did not authorize the bulk telephone metadata program.
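The seed-and-hop chaining described above amounts to a breadth-first walk over call records, and the difference between a three-hop and a two-hop limit is easiest to see by running one. The Python below is an added example, not taken from the article or from any agency system; the phone numbers, call records and function names are constructed for illustration.

```python
from collections import defaultdict

def build_sample_records():
    """Constructed call metadata: (caller, callee, start_time, duration_s).
    Only metadata is modelled; there is no call content."""
    records = [
        ("555-0000", "555-0001", "2013-04-01T09:00", 120),  # seed -> friend
        ("555-0000", "555-0001", "2013-04-05T08:00", 15),   # seed -> friend again
        ("555-0000", "555-0002", "2013-04-01T09:30", 45),   # seed -> coworker
        ("555-0001", "555-0900", "2013-04-02T18:05", 60),   # friend -> pizza shop
    ]
    # 40 unrelated customers also called the pizza shop; each called a relative.
    for i in range(40):
        customer, relative = f"555-1{i:03d}", f"555-2{i:03d}"
        records.append((customer, "555-0900", "2013-04-03T19:00", 30))
        records.append((customer, relative, "2013-04-04T12:00", 300))
    return records

def contact_chain(records, seed, max_hops):
    """Walk outward from the seed number, one hop at a time.
    Returns ({hop: numbers first reached at that hop}, set of records collected)."""
    by_number = defaultdict(list)
    for rec in records:
        by_number[rec[0]].append(rec)
        by_number[rec[1]].append(rec)
    seen, frontier = {seed}, {seed}
    reached, collected = {}, set()
    for hop in range(1, max_hops + 1):
        next_frontier = set()
        for number in frontier:
            # Every record touching a queried number is collected.
            for rec in by_number[number]:
                collected.add(rec)
                other = rec[1] if rec[0] == number else rec[0]
                if other not in seen:
                    seen.add(other)
                    next_frontier.add(other)
        reached[hop] = next_frontier
        frontier = next_frontier
    return reached, collected

def summarize(records, seed, max_hops):
    """Return (numbers reached besides the seed, call records collected)."""
    reached, collected = contact_chain(records, seed, max_hops)
    return sum(len(nums) for nums in reached.values()), len(collected)

if __name__ == "__main__":
    recs = build_sample_records()
    for hops in (2, 3):
        numbers, rows = summarize(recs, "555-0000", hops)
        print(f"{hops} hops: {numbers} numbers reached, {rows} of {len(recs)} records collected")
```

In this constructed data a single widely called number (the pizza shop) sits two hops from the seed, so the third hop is where dozens of unrelated callers enter the collected set.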

The Court did not decide any constitutional issues, but decided the case narrowly, noting the law was to expire June 1, 2015, unless it was renewed. The judge wrote, “Such expansive development of government repositories of formerly private records would be an unprecedented contraction of the privacy expectations of all Americans. . . . We would expect such a momentous decision to be preceded by substantial debate, and expressed in unmistakable language. There is no evidence of such a debate.”

The Response to ACLU v. Clapper: Can a Balance Be Achieved?

The attorney general responded at a May 7, 2015 Senate budget hearing that the NSA data collection was a “vital tool in our national security arsenal.” On June 2, 2015 Congress passed and the President signed the USA Freedom Act, restoring part of Section 215 through 2019, but ending the bulk collection of United States citizens’ telecommunication metadata. The phone companies must retain the metadata themselves and provide it to the NSA only if ordered by a FISA Court. Critics argue that bulk collection can continue under Section 702 of FISA, which expires in 2017, and Executive Order 12333.

The debate over the Freedom Act is the debate that threads throughout all confrontations between privacy and security. The Software Alliance, which helped sponsor the legislation, stated that “in reforming surveillance practices, it is critical that legislation strikes the right balance between securing our nation and its citizens and improving privacy protections for the public. The FISA reforms in the USA Freedom Act will help restore trust in the US government and the US technology sector.”

The ACLU and other critics argue the Freedom Act does not reform the Patriot Act or adequately protect privacy. Three former NSA employees oppose the Freedom Act, saying it is not enough and that the NSA collects vast amounts of data the public is not aware of. The Heritage Foundation, a conservative think tank, cites the 9/11 Commission Report’s finding that the government’s inability to “connect the dots” between known or suspected terrorists was exacerbated by the “wall” between domestic law enforcement and US intelligence services, the CIA and the NSA. There are reports by, among others, the House Permanent Select Committee on Intelligence, that by June 2015 several terrorist plots were thwarted, presumably as a result of the robust data collection by the NSA. Unfortunately, the number is uncertain and these unsubstantiated claims by the NSA have eroded media and public confidence in their claim.

How Much Data Are We Talking About?

Snowden’s initial disclosure revealed that the FISA Court ordered Verizon to turn over all domestic phone metadata for part of 2013. Mattathias Schwartz, writing for the New Yorker magazine soon after the Clapper decision, estimated the NSA (“and soon the phone companies”) collected “metadata for ‘hundreds of billions of phone calls.’” A group of anonymous officials told the Washington Post that they collected less than 30 percent of the total domestic calls, due to the use of cell phones. Todd Hinnen, an official of the Justice Department, testified on March 9, 2011 that Section 215 has been used not just to collect telephone metadata, but also to collect driver’s license records, hotel records, car rental records, apartment leases, credit card, “and the like.”

Snowden’s leaked documents also disclose the existence of another data collection program through the Patriot Act called “PRISM.” Under PRISM the NSA can petition the FISA Court to order internet providers to hand over internet communications. These providers included: Microsoft, Yahoo, Google, Facebook, Paltalk, AOL, Skype, YouTube, and Apple.

The Cost of the Trade Off?

Clearly the data collection is massive, and a reasonable question is whether more data is being collected than could competently be analyzed. But regardless of the amount of data, the question remains, and it is the one the government relies on: given the threat, isn’t the decrease in privacy worth the added security? Prior to Snowden’s leaked documents, the public was unaware of the data collection, but now we know.

Currently, data collection is on a similar footing as airline security. People complained bitterly about the airline security lines and proposed search methods. Presumably if enough people felt the cost of the airport searches was too great, as balanced against the perceived threat, airport searches would have been discontinued. The government has relaxed some airline security procedures, but has not discontinued them. Since the Snowden document leak and the ensuing public debate, the government has adjusted its data collection; the collection has become narrower and is scrutinized more, but it has continued.

It’s Not Just the Government, It’s Acxiom and Others

The collection of data is going on all the time, not just by the government; in fact it is rarely done first by the government, and certainly less by the government than by private enterprise. Internet providers collect data about their users and sell it to advertisers and retailers. The NSA had to go to the providers to get their data. A private company, Acxiom, collects not just people’s buying habits, but their buying interests, by collecting what websites they visit. Jason Morris and Ed Lavandera reported on August 23, 2012 on CNN that Acxiom reported $1.1 billion in sales, offering data on 144 million households. “Data is now a $300 billion-a-year industry and employs three million people in the US alone, according to the McKinsey Global Institute.” Acxiom’s Chief Executive Officer, Scott Howe, in an attempt to demystify and presumably calm the public, said, “Companies like Acxiom are trying to get intelligent about what you might be interested in and who you are.” One might look at this differently and be disturbed that companies are collecting and selling information, without our knowledge or permission, on who we are and what we might be interested in.

In a March 9, 2014 CBS “60 Minutes” piece Acxiom reported that they had on average 1,500 pieces of information on over 200 million Americans. Tim Sparapani, an attorney formerly with the ACLU, listed the kinds of data being collected, how the data collectors and data brokers specialize, what they collect and what they sell. These data companies have information on the medication people take, their medical conditions including depression, cancer, and their sexual orientation. One broker advertises lists of people suffering from bipolar disorder, another advertises lists of people with addiction issues, and another lists of people with sexually transmitted diseases. We are vaguely aware of the data that is continuously collected about us.

Data Collection and Good Governance

Susan Crawford, a Harvard Law professor, and Stephen Goldsmith, a professor at Harvard’s Kennedy School of Government, have written The Responsive City: Engaging Communities through Data-Smart Governance. They argue that data is one of the keys to good governance. Crawford was interviewed on November 13, 2014 by Ethan Zuckerman, director of MIT’s Center for Civic Media. At the end of her presentation on municipal data collection, which included reference to “311” citizen programs and their use in combating rats efficiently and economically, she stated that we are beyond fighting data collection; it’s going to happen. But it was in the question and answer section that she touched on the conflict inherent in data collection, and the challenges of balancing competing and even conflicting interests.

Crawford was asked by Zuckerman about “predictive policing,” “algorithmically deciding to intervene before we actually suspect someone,” which can be, and was interpreted by Crawford as, code for a negative consequence of municipal data collection. Crawford discussed CompStat, which blandly refers to “computer statistics.” It also has a more specific reference, however. CompStat is the name of a policing program begun in New York City in the 1990s.

CompStat

In the 1980s Jack Maples, a transit cop, began charting crimes in the NYC transit system with pins on paper. Using his “Charts of the Future,” he implemented focused policing efforts which produced significant crime reduction in the transit system. His boss, William Bratton, was head of the transit police at the time, and in the early 1990s was promoted to head the NYC Police Department. Bratton brought with him Maples’ charts, which were ultimately computerized to become CompStat, a computerized system of tracking crime throughout New York City, and then implementing increased forces in those locations. Implemented alongside CompStat was another program, the “broken window” policy, whereby minor crimes are responded to with the idea that response to minor crimes, as well as major crimes, discourages or inhibits more serious criminality.

CompStat is another example of data collection, analysis, and implementation of policy that puts a focus on the effort to balance contradictory goals. Clearly, the goal of reducing crime is worthwhile. However, in terms of police conduct, CompStat and the broken window policy were largely implemented in the poorest sections of New York City, which coincidentally were inhabited primarily by minorities. In addition, critics claimed that the very act of data collection caused its own distortion of the very data being collected.

Saki Knafo’s February 18, 2016 New York Times article, “A Black Police Officer’s Fight Against the N.Y.P.D.,” describes how the data corruption went both ways. Sometimes arrests were underreported to show that crime was decreasing and sometimes officers were encouraged or pressured to make arrests to raise statistics in order to show aggressive policing. This pressure to raise arrest rates invariably occurred in minority neighborhoods, creating more tension and mistrust between the citizenry and the police force. It is fair to say that the “stop and frisk” controversy in New York City is connected to CompStat.

The arguments pro and con concerning CompStat match, with uncanny similarity, those concerning privacy and security in the national debate. In CompStat, it is security or lowered crime rates balanced against the risk of unfair treatment of minorities and racism. Crawford acknowledges the benefit of CompStat while also acknowledging necessary steps to maintain its accuracy and fairness.

“Police departments were the first to use predictive analytics because their business model benefitted from incremental advances in where crime might happen and allocating resources to those places. CompStat was first in New York. The answer is always to support visibility, public understanding (including the disparate impact), and the rule of law. Just because technology is capable of being abused doesn’t mean it will be. That’s why it’s important to cross-train people in law, policy, and tech. We don’t want to give up on technology because of the risk.”

Mass Data Collection’s Self-Correcting Worm

On January 5, 2010 a 23-year-old Army Specialist went to work at his “office” in Forward Operating Base Hammer, near Baghdad, Iraq. Chelsea Manning (born Bradley Manning and served under that name and gender) had been there only three months, but because his title was “intelligence analyst,” he had TS/SCI security clearance, Top Secret/Sensitive Compartmentalized Information, and could access SIPRNet, the Secret Internet Protocol Router Network, and JWICS, the Joint Worldwide Intelligence Communications System. Specialist Manning downloaded 400,000 documents that day pertaining to the United States prosecution of its war in Iraq and Afghanistan. On January 8 he downloaded another 91,000 documents and smuggled the documents out on what appeared to be a Lady Gaga CD. Between March 28 and April 9 he downloaded 250,000 diplomatic cables.

Manning was convicted and imprisoned. The documents were published by WikiLeaks, and the world became aware of many policies and acts by the United States in Iraq and Afghanistan, as well as diplomatic policies and the privately held opinions of its diplomats, which caused great embarrassment and public anger toward the United States both domestically and abroad.

Both Manning and Snowden reveal perhaps a self-correcting consequence of mass data collecting and its use and misuse by the government. These instances of the collection, retention, and subsequent theft and publication of huge amounts of data, data revealing the government’s own questionable collection of data, may be considered a balancing force to the privacy concerns of its citizens. Perhaps the mere accumulation of vast amounts of emails, reports, and video footage, all in digital form, necessarily made accessible worldwide to the different branches of the government, guarantees a certain amount of inevitable transparency by the apparent ease of their theft.

When the transparency that Crawford advocates, the checks and balances, and the auditing that CompStat is supposed to encourage and depend upon fail, that failure makes the theft and dissemination appropriate. This is the defense that both Snowden and Manning maintain.

The complexity of understanding data collection in the context of democratic and social justice frames in the twenty-first century is one of the great challenges. There are, as we have tried to outline, enormous benefits in economy, technology, and society at large as well as challenging civil rights issues to navigate.

Writing in Big Data: A Revolution, Viktor Mayer-Schönberger and Kenneth Cukier conclude:

“ . . . [big] data . . . as a tool that doesn’t offer ultimate answers, just good enough ones to help us now until better methods and hence better answers come along. It also suggests that we must use this tool with a generous degree of humility . . . and humanity.”
