Tagged: surveillance

2

Irresistible Surveillance?

Bernard Harcourt’s Exposed: Desire and Disobedience in the Digital Age offers many intriguing insights into how power circulates in contemporary society.  The book’s central contribution, as I see it, is to complicate the standard model of surveillance by introducing the surveilled’s agency into the picture.  Exposed highlights the extent to which ordinary people are complicit in regimes of data-monitoring and data-mining that damage their individual personhood and the democratic system.  Millions upon millions of “digital subjects,” Harcourt explains, have come to embrace forms of exposure that commoditize their own privacy.  Sometimes people do this because they want more convenience when they navigate capitalist culture or government bureaucracies.  Or because they want better book recommendations from Amazon.  Other times, people wish to see and be seen online—increasingly feel they need to be seen online—in order to lead successful social and professional lives.

So complicit are we in the erosion of our collective privacy, Harcourt suggests, that any theory of the “surveillance state” or the “surveillance industrial complex” that fails to account for these decentralized dynamics of exhibition, spectacle, voyeurism, and play will misdiagnose our situation.  Harcourt aligns himself at times with some of the most provocative critics of intelligence agencies like the NSA and companies like Facebook.  Yet the emphasis he places on personal desire and participatory disclosure belies any Manichean notion of rogue institutions preying upon ignorant citizens.  His diagnosis of how we’ve lost our privacy is more complex, ethically and practically, in that it forces attention on the ways in which our current situation is jointly created by bottom-up processes of self-exposure as well as by top-down processes of supervision and control.

Thus, when Harcourt writes in the introduction that “[t]here is no conspiracy here, nothing untoward,” what might seem like a throwaway line is instead an important descriptive and normative position he is staking out about the nature of the surveillance problem.  Exposed calls on critics of digital surveillance to adopt a broader analytic lens and a more nuanced understanding of causation, power, and responsibility.  Harcourt in this way opens up fruitful lines of inquiry while also, I think, opening himself up to the charge of victim-blaming insofar as he minimizes the social and technological forces that limit people’s capacity to change their digital circumstances.

The place of desire in “the expository society,” Harcourt shows, requires rethinking of our metaphors for surveillance, discipline, and loss of privacy.  Exposed unfolds as a series of investigations into the images and tropes we conventionally rely on to crystallize the nature of the threat we face: Big Brother, the Panopticon, the Surveillance State, and so forth.  In each case, Harcourt provides an erudite and sympathetic treatment of the ways in which these metaphors speak to our predicament.  Yet in each case, he finds them ultimately wanting.  For instance, after the Snowden disclosures began to garner headlines, many turned to George Orwell’s novel 1984 to help make sense of the NSA’s activities.  Book sales skyrocketed.  Harcourt, however, finds the Big Brother metaphor to be misleading in critical respects.  As he reminds us, Big Brother sought to wear down the citizens of Oceania, neutralize their passions, fill them with hate.  “Today, by contrast, everything functions by means of ‘likes,’ ‘shares,’ ‘favorites,’ ‘friending,’ and ‘following.’  The drab blue uniform and grim gray walls in 1984 have been replaced by the iPhone 5C in all its radiant colors . . . .”  We are in a new condition, a new paradigm, and we need a new language to negotiate it.

Harcourt then considers a metaphor of his own devising: the “mirrored glass pavilion.”  This metaphor is meant to evoke a sleek, disorienting, commercialized space in which we render ourselves exposed to the gaze of others and also, at the same time, to ourselves.  But Harcourt isn’t quite content to rest with this metaphor either.  He introduces the mirrored glass pavilion, examines it, makes a case for it, and keeps moving—trying out metaphors like “steel mesh” and “data doubles” and (my favorite) “a large oligopolistic octopus that is enveloping the world,” all within the context of the master metaphor of an expository society.  Metaphors, it seems, are indispensable if imperfect tools for unraveling the paradoxes of digital life.

The result is a restless, searching quality to the analysis.  Exposed is constantly introducing new anecdotes, examples, paradigms, and perspectives, in the manner of a guided tour.  Harcourt is clearly deeply unsettled by the digital age we have entered.  Part of the appeal of the book is that he is willing to leave many of his assessments unsettled too, to synthesize a vast range of developments without simplifying or prophesizing.

Another aspect of Exposed that enhances its effect is the prose style.  Now, I wouldn’t say that Harcourt’s Foucault-fueled writing has ever suffered from a lack of flair.  But in this work, Harcourt has gone further and become a formal innovator.  He has developed a prose style that uncannily mimics the experience of the expository society, the phenomenology of the digital subject.

Throughout the book, when describing the allure of new technologies that would rob us of our privacy and personhood, the prose shifts into a different register.  The reader is suddenly greeted with quick staccato passages, with acronyms and brand names thrown together in a dizzying succession of catalogs and subordinate clauses.  In these passages, Harcourt models for us the implicit bargain offered by the mirrored glass pavilion—inviting us to suspend critical judgment, to lose ourselves, as we get wrapped up in the sheer visceral excitement, the mad frenzy, of digital consumer culture.

Right from the book’s first sentence, we confront this mimetic style:

Every keystroke, each mouse click, every touch of the screen, card swipe, Google search, Amazon purchase, Instagram, ‘like,’ tweet, scan—in short, everything we do in our new digital age can be recorded, stored, and monitored.  Every routine act on our iPads and tablets, on our laptops, notebooks, and Kindles, office PCs and smart-phones, every transaction with our debit card, gym pass, E-ZPass, bus pass, and loyalty cards can be archived, data-mined, and traced back to us.

Other sentences deploy a similar rhetorical strategy in a more positive key, describing how we now “‘like,’ we ‘share,’ we ‘favorite.’ We ‘follow.’ We ‘connect.’ We get ‘LinkedIn”—how “[e]verything today is organized around friending, clicking, retweeting, and reposting.”

There is a visceral pleasure to be had from abandoning oneself to the hyper-stimulation, the sensory overload, of passages like these.  Which is precisely the point.  For that pleasure underwrites our own ubiquitous surveillance and the mortification of self.  That pleasure is our undoing.  More than anything else, in Harcourt’s telling, it is the constant gratifications afforded by technologies of surveillance that have “enslaved us, exposed us, and ensnared us in this digital shell as hard as steel.”

*  *  *

I hope these brief comments have conveyed some of what I found so stimulating in this remarkable book.  Always imaginative and often impressionistic, Exposed is hazy on a number of significant matters.  In the hope of facilitating conversation, I will close by noting a few.

First, what are the distributional dimensions of the privacy crisis that we face?  The implicit digital subject of Exposed seems to be a highly educated, affluent type—someone who would write a blog post, wear an Apple Watch, buy books on Amazon.  There may well be millions of people like this; I don’t mean to suggest any narcissism in the book’s critical gaze.  I wonder, though, how the privacy pitfalls chronicled in Exposed relate to more old-fashioned forms of observation and exploitation that continue to afflict marginalized populations and that Harcourt has trenchantly critiqued in other work.

Second, what about all the purported benefits of digital technology, Big Data, and the like?  Some commentators, as Harcourt notes in passing, have begun to argue that panoptic surveillance, at least under the right conditions, can facilitate not only certain kinds of efficiency and security but also values such as democratic engagement and human freedom that Harcourt is keen to promote.  I share Harcourt’s skepticism about these arguments, but if they are wrong then we need to know why they are wrong, and in particular whether they are irredeemably mistaken or whether they might instead point us toward useful regulatory reforms.

And lastly, what would dissent look like in this realm?  The final, forward-looking chapter of Exposed is strikingly short, only four pages long.  Harcourt exhorts the reader to fight back through “digital resistance” and “political disobedience.”  But remember, there is no conspiracy here, nothing untoward.  Rather, there is a massively distributed and partially emergent system of surveillance.  And this system generates enormous perceived rewards, not just for those at the top but for countless individuals throughout society.  It is something of a puzzle, then, what would motivate the sort of self-abnegating resistance that Harcourt calls for—resistance that must be directed, in the first instance, toward our own compulsive habits and consumptive appetites.  How would that sort of resistance develop, in the teeth of our own desires, and how could it surmount collective action barriers?

These are just a few of the urgent questions that Exposed helps bring into focus.

*  *  *

David Pozen is an associate professor at Columbia Law School.

6

PETs, Law and Surveillance

In Europe, privacy is considered a fundamental human right. Section 8 of the European Convention of Human Rights (ECHR) limits the power of the state to interfere in citizens’ privacy, ”except such as is in accordance with the law and is necessary in a democratic society”. Privacy is also granted constitutional protection in the Fourth Amendment to the United States Constitution. Both the ECHR and the US Constitution establish the right to privacy as freedom from government surveillance (I’ll call this “constitutional privacy”). Over the past 40 years, a specific framework has emerged to protect informational privacy (see here and here and here and here); yet this framework (“information privacy”) provides little protection against surveillance by either government or private sector organizations. Indeed, the information privacy framework presumes that a data controller (i.e., a government or business organization collecting, storing and using personal data) is a trusted party, essentially acting as a steward of individual rights. In doing so, it overlooks the fact that organizations often have strong incentives to subject individuals to persistent surveillance; to monetize individuals’ data; and to maximize information collection, storage and use.

Read More

2

The Vanishing Distinction Between Real-time and Historical Location Data

A congressional inquiry, which recently revealed that cell phone carriers disclose a huge amount of subscriber information to the government, has increased the concern that Big Brother tracks our cell phones. The New York Times reported that, in 2011, carriers responded to 1.3 million law enforcement demands for cell phone subscriber information, including text messages and location information. Because each request can acquire information on multiple people, law enforcement agencies have clearly obtained such information about many more of us than could possibly be worthy of suspicion. Representative Markey, who spearheaded the inquiry, has followed up with a thorough letter to Attorney General Holder that asks how the Justice Department could possibly protect privacy and civil liberties while acquiring such a massive amount of information.

Among many important questions, Representative Markey’s letter asks whether the DOJ continues to legally differentiate between historical (those produced from carrier records) and real-time (those produced after an order is issued) cell site location information and what legal standard the DOJ meets for each (or both). Traditionally, courts have accorded less protection to historical location data, which I have criticized as a matter of Fourth Amendment law in my amicus briefs and in my scholarship. The government’s applications for historical data in the Fifth Circuit case, which is currently considering whether agents seeking historical location data must obtain a warrant, provide additional evidence that the distinction between real-time and historical location data makes no sense.

Some background. Under the current legal rules for location acquisition by law enforcement, which are complex, confusing, and contested, law enforcement agents have generally been permitted to acquire historical location data without establishing probable cause and obtaining a warrant. Instead, they have had to demonstrate that the records are relevant to a law enforcement investigation, which can dramatically widen the scope of an inquiry beyond those actually suspected of criminal activity and yield the large number of disclosures that the recent congressional inquiry revealed. Generally, prospective (real-time) location information has required a higher standard, often a warrant based on probable cause, which has made it more burdensome to acquire and therefore more protected against excessive disclosure.

Some commentators and judges have questioned whether historical location data should be available on an easier to satisfy standard, positing the hypothetical that law enforcement agents could wait just a short amount of time for real-time information to become a record, and then request it under the lower standard. Doing so would clearly be an end run around both the applicable statute (ECPA) and the Fourth Amendment, which arguably accord less protection to historical information because it is stored as an ordinary business record and not because of the fortuity that it is stored for a short period of time.

It turns out that this hypothetical is more than just the product of concerned people’s imagination. The three applications in the Fifth Circuit case requested that stored records be created on an ongoing basis. For example, just after a paragraph that requests “historical cell-site information… for the sixty (60) days prior” to the order, one application requests “For the Target Device, after receipt and storage, records of other information… provided to the United States on a continuous basis contemporaneous with” the start or end of a call, or during a call if that information is available. The other two applications clarify that “after receipt and storage” is “intended to ensure that the information” requested “is first captured and recorded by the provider before being sent.” In other words, the government is asking the carrier to create stored records and then send them on as soon as they are stored.

To be clear, only one of the three applications applied for only a relevance-based court order to obtain the continuously-created stored data. That court order, used for historical data, has never been deemed sufficient for forward-looking data (as the continuously-created data would surely be as it would be generated after the order). The other two applications used a standard less than probable cause but more than just a relevance order. It is not clear if the request for forward-looking data under the historical standard was an inadvertent mistake or an attempt to mislead. But applications in other cases have much more clearly asked for forward-looking prospective data, and didn’t require that data to be momentarily stored. Why would the applications in this case request temporary storage if not at least to encourage the judge considering the application to grant it on a lower standard?

I am optimistic that the DOJ’s response to Representative Markey’s letter will yield important information about current DOJ practices and will further spur reform. In the meantime, the government’s current practice of using this intrusive tool to gather too much information about too many people cries out for formal legal restraint. Congress should enact a law requiring a warrant based on probable cause for all location data. It should not codify a meaningless distinction between historical and real-time data that further confuses judges and encourages manipulative behavior by the government.

0

Stanford Law Review Online: The Drone as Privacy Catalyst

Stanford Law Review

The Stanford Law Review Online has just published a piece by M. Ryan Calo discussing the privacy implications of drone use within the United States. In The Drone as Privacy Catalyst, Calo argues that domestic use of drones for surveillance will go forward largely unimpeded by current privacy law, but that the “visceral jolt” caused by witnessing these drones hovering above our cities might serve as a catalyst and finally “drag privacy law into the twenty-first century.”

Calo writes:

In short, drones like those in widespread military use today will tomorrow be used by police, scientists, newspapers, hobbyists, and others here at home. And privacy law will not have much to say about it. Privacy advocates will. As with previous emerging technologies, advocates will argue that drones threaten our dwindling individual and collective privacy. But unlike the debates of recent decades, I think these arguments will gain serious traction among courts, regulators, and the general public.

Read the full article, The Drone as Privacy Catalyst by M. Ryan Calo, at the Stanford Law Review Online.