(Review of Daniel J. Solove, Nothing to Hide: The False Tradeoff Between Privacy and Security (Yale University Press, 2011)).
[Disclosure: Both Solove and I write regularly at Concurring Opinions, a legal blog that has 11 permanent members and a rotating roster of guest bloggers.]
It’s hard to motivate Americans to care about surveillance technology. Defeatism and denial are common responses to the privacy invasion du jour. Why complain about warrantless wiretaps when there is bipartisan consensus for an expanding surveillance state? Many argue that good people don’t need privacy: if you’ve got nothing to hide, why worry about government looking through your business?
Daniel J. Solove’s new book shatters that myth. Nothing to Hide reaffirms the value of privacy, shows how endangered it is, and proposes real solutions. Before giving away any more of it for a mess of security theater, we need to hear his arguments. The power to watch is the power to attack, embarrass, and destroy reputations. Solove shows that the “nothing to hide” caucus misunderstands privacy as a problem of concealing isolated facts. What we really should be thinking about is a critical mass of data. Our lives are starting to become an open book for those powerful or rich enough to demand our profiles.
Solove gives the example of a person buying a book on cancer, and a few weeks later purchasing a wig. Once a data miner connects those dots, what may have once looked like a vague interest in the “emperor of maladies” now crystallizes into a relative certainty that the person has, or knows someone, with a grave disease. Like tiny tiles, any particular piece of data may not say all that much. But when they are put together into a mosaic, they can deeply influence how a person is perceived, and ultimately, how they are treated. Your employer may not have access to medical data in your doctor’s office, but who’s to say it couldn’t deduce conditions from the trail of websites you visit, magazines you read, and contacts you have?
The government itself recognizes that problem, and has used a “mosaic theory” to defeat Freedom of Information requests. The asymmetry between state secrecy and individual exposure is another worrisome theme of Solove’s book. As big government and big business learn more about us, they are deflecting inquiries about their own critical practices. Try to see the data files gathered about you, or the inferences drawn from them, and you’re almost certain to be stonewalled. Meanwhile, secondary uses of data proliferate, resulting in digital selves and reputations attached to individuals but unknown to them. For example, you may know your credit score, but try finding out if (or why) you’ve been the subject of a “Suspicious Activity Report.” You’re likely only to increase suspicion about yourself.
Plummeting Privacy Protections
Solove shows how privacy scandals in the mid-20th century—including politically motivated tracking of civil-rights and peace protesters—resulted in strict laws governing law enforcers’ use of personal data. These privacy laws kept abuses in check for many years. However, after 9/11, overzealous federal and state agents began to ignore basic protections. Solove focuses on the National Security Agency surveillance program, involving warrantless wiretapping of phone calls. He explains how powerful the NSA is, and how it “violated the specific dictates of the Foreign Intelligence Surveillance Act (FISA), a federal law that required judicial oversight and court orders to authorize the wiretapping.”
Here, again, individual acts of surveillance or even the program itself may not seem all that alarming. However, Solove rightly concentrates on the critical mass of surveillance now occurring, and the cowardice of Congress and courts in the face of an overweening executive. Each failed to hold anyone accountable for clear violations of the law. Congress even retroactively immunized phone companies in 2008 in the FISA Amendments Act. Theorists of executive power like Eric Posner have argued that parties, the press, and the people are the only real brakes on martial presidential power now. Solove’s case study sadly confirms this dismissal of Congress and Courts.
Old walls between public and private, state and federal, and military and police data keep breaking down. The anti-terror mission trumps old standards. When the Privacy Act was passed in the early 1970s, Congress considered, but ultimately did not enact, blanket restrictions on private companies’ use of personal data they collect and buy. Members reasoned that private data stores were fundamentally different than public ones, and judges would always provide a backstop of oversight. But with law enforcement and intelligence agencies persistently peeking at private records, the data stores of a massive internet or telecom company are, for all intents and purposes, government resources as well. Data broker Acxiom by itself has an average of 1,500 pieces of data on the 96% of Americans presently in its database. If they want it badly enough, government officials will get that data, and so too will virtually any private entity with the willingness and ability to pay.
Restoring a Right to Seclusion
What’s particularly refreshing in Solove’s work is his ability to encapsulate the “big picture” in surveillance law. For many years, Solove was one of many legal scholars arguing over a thicket of Supreme Court cases on whether citizens had a “reasonable expectation of privacy” in given situations. He now realizes that’s a losing game: privacy-destroying technologies keep improving, and as citizens learn more about them, their “reasonable expectations” diminish. He dismisses the bulk of modern Fourth Amendment jurisprudence as a “great intellectual game,” and aims to reconstruct the original values of the framers of Bill of Rights. Solove would permit courts to intervene “Whenever the government gathers personal information and it creates a problem which isn’t addressed with some form of regulation or oversight,” since the only alternative is to give the executive branch free rein “to engage in activities that result in real problems, ones that invade privacy or chill speech and political activity or create the risk for abuse and other harms.”
That sounds like a broad prerogative for courts, and it is. But Solove finds in the First Amendment a set of principles to guide a modern vindication of Fourth Amendment rights. We have a right to freedom of expression in large part because we cannot properly think for ourselves, develop our own personalities, or act as citizens without some guarantees that these activities will not draw undue attention from powerful individuals and institutions who do not share our views. As Sherry Turkle said in a recent talk on privacy-unconcerned youth, in a democracy, everyone should have something to hide---some private opinions that they are not obliged, and would not want, to subject to the tyrannical majority Tocqueville described so well.
Thus courts should be particularly suspicious of “surveillance of political activities, identification of anonymous speakers, prevention of the anonymous consumption of ideas, discovery of associational ties to political groups, and enforcement of subpoenas to the press or to third parties for information about reading habits and speech.” First Amendment “overbreadth” doctrine, which deters government activity that chills protected expression, should also cabin the scope of large-scale information gathering programs. For Solove, that means they would only be upheld if they served “a substantial government interest and employs narrowly tailored means to achieve that interest.”
Solove’s approach here is very promising. We need to think of privacy as being as much a vindication of our First Amendment as our Fourth Amendment rights. Rather than endlessly parsing the precedents that have already led to chilling levels of exposure, judges need to revive privacy law in the face of new realities.
My only concern about Nothing to Hide is that it is so focused on governmental threats that it may not adequately consider the private sector’s means, motive, and opportunity to abuse power. Dana Priest and Will Arkin have shown that profit-driven corporations are pushing more intensive surveillance. The shadowy saga of HB Gary, Bank of America, and the Justice Department suggests just how far a fused state-corporate apparatus could go to smear its enemies and cover its tracks. The careful attention Solove gave to private data miners in The Digital Person seven years ago may have made Nothing to Hide an even better book. On the other hand, Nothing to Hide’s laser-like focus on the state is probably smart as a political matter, resulting in a book as appealing to libertarians as it is to liberals.
A parade of new sensors may inevitably eviscerate the narrow concept of “privacy as concealment.” Body scanners, device fingerprinters, and retinal identification for “secure communities” are all becoming all too common. But Solove gives us a richer concept of privacy, as a right to self-determination, dignity, due process, and a fair hearing in an increasingly automated and alienating world. Even after all the data has been gathered, we should still argue about, and often limit, its use. Nothing to Hide is a consistently fascinating effort to assure that the modern surveillance state respects the citizens it claims to protect.
X-Posted: Concurring Opinions.