an unanticipated consequence of
Jack M. Balkin
Jack Balkin: jackbalkin at yahoo.com
Bruce Ackerman bruce.ackerman at yale.edu
Ian Ayres ian.ayres at yale.edu
Mary Dudziak mary.l.dudziak at emory.edu
Joey Fishkin joey.fishkin at gmail.com
Heather Gerken heather.gerken at yale.edu
Mark Graber mgraber at law.umaryland.edu
Stephen Griffin sgriffin at tulane.edu
Bernard Harcourt harcourt at uchicago.edu
Scott Horton shorto at law.columbia.edu
Andrew Koppelman akoppelman at law.northwestern.edu
Marty Lederman marty.lederman at comcast.net
Sanford Levinson slevinson at law.utexas.edu
David Luban david.luban at gmail.com
Gerard Magliocca gmaglioc at iupui.edu
Jason Mazzone mazzonej at illinois.edu
Linda McClain lmcclain at bu.edu
John Mikhail mikhail at law.georgetown.edu
Frank Pasquale pasquale.frank at gmail.com
Nate Persily npersily at gmail.com
Michael Stokes Paulsen michaelstokespaulsen at gmail.com
Deborah Pearlstein dpearlst at princeton.edu
Rick Pildes rick.pildes at nyu.edu
Alice Ristroph alice.ristroph at shu.edu
Brian Tamanaha btamanaha at wulaw.wustl.edu
Mark Tushnet mtushnet at law.harvard.edu
Adam Winkler winkler at ucla.edu
The Justice Department has asked Internet companies to keep records of what sites individuals visit on the web and what search terms individuals enter in order to aid law enforcement, the New York Times reports.
The department proposed that the records be retained for as long as two years. Most Internet companies discard such records after a few weeks or months.In its current proposal, the department appears to be trying to determine whether Internet companies will voluntarily agree to keep certain information or if it will need to seek legislation to require them to do so.
Data retention is a crucial element of surveillance. One of the most significant protectors of privacy is amnesia. Ordinarily, much of what we do is forgotten, even if it is done in public or is otherwise easily captured. But if the government or private parities keep records of what we do, they can not only recall it, but trace our behavior over time. Hence if government is really serious about surveillance, it is not surprising that they want as much data retention as possible. One key question is who will bear the cost-- although data retention is increasingly cheap, it is not costless, and the Justice Department's request will put some burden on Internet companies.
Although Attorney General Gonzales initially offered enforcement of child pornography laws as the reason for requiring data retention, it soon became clear that the Justice Department wants to use the records for terrorism and general law enforcement. This is inevitable, and it is one of the risks of systematic data retention. Once Internet companies save data and make it routinely available to government, it is very hard for government to restrain itself from using it for many different purposes, not just simply the worst offenses. It would be like putting a very large and delicious cake in front of a very hungry person and expecting them not to want to take a bite.
It is sometimes said that data collection by computers does not invade privacy as long as no human being is watching. But when data is collected and retained, the fact that no human being is watching is irrelevant. Human beings always have the ability to view the data later on, and, moreover, to collate it, discovering features of our lives that were not obvious from isolated elements. This makes data retention a powerful tool of law enforcement, but also a powerful danger to individual privacy.
As a divorce attorney, can you think of anything better than subpoena power over web traffic records? Online porn, internet gambling, chat room transcripts -- it's a gold mine. "Would you care to settle this case and pay your ex-wife what she deserves, Mr. Balkin, or should we move forward with the ugly process of a public divorce?"
On a more serious note, is there really any doubt that NSA already tracks this information? After all, web traffic receives far less protection under current law than voice conversations -- and we know NSA crossed the phone tapping bridge long ago. And intercepting web traffic is probably quite a bit easier than tracking phone calls from a technological perspective.
Of course, the problem faced by NSA is that none of the juicy web traffic they intercept through their surveillance programs is admissible in court. (Heck, according to the web providers, the information doesn't even exist after a few days.) The new system would remedy the situation to some degree. Law enforcement would still need to establish probable cause to use the records in a prosecution, but that's a hell of a lot easier than trying to use data that isn't supposed to exist.