Dragnet Surveillance is Bad

A person’s digital life sheds lots of data that together paints an intimate picture of their life. Their mobile phone connects to nearby cell towers and WiFi hotspots as they move, providing their location (as does GPS and the check in functionality of services like Yelp and Google Maps). Their social networking and chat activity contain their contacts, both personal and professional, as well as the content of their communications. Data from media services like YouTube, Spotify, and Kindle details the content they are consuming. Membership and association information can be found in their Meetup, Facebook, or web browser activity. Everything they buy has an order receipt in the merchant’s database.

The National Security Agency’s dragnet surveillance operation seizes and processes such personal data of many Americans so that it is available for search at any time. It accomplishes this by intercepting and storing traffic as it travels along the physical Internet infrastructure. The data they seize and store may contain all of those details I mentioned above, granting the government access to a timeline of one’s private life. Most people don’t care about or are not directly affected by this, and so this violation of digital privacy by law enforcement can feel uninvasive. The data one generates throughout their day is a byproduct of your voluntary use of valuable services that are often free, and so the government accessing that data can feel like a fair trade. Since they are voluntarily creating the data and sharing it with a third party, they have opted into the possibility that the data may be surveilled in the service of law enforcement’s legitimate aims.

I believe a person or organization accessing your data should feel like a serious violation of your rights. The technology involved muddles the issue, and it’s helpful to treat it as a variable that can be swapped out for something different. Consider life before personal computers. In that world, what would it look like for the government to collect information equivalent to what they collect today? A surveillance team would need to secretly follow you around the clock, documenting your location. They would write down who you interacted with throughout the day and the nature of those interactions. The people you interact with would all be wearing recording devices so that the surveillance team could hear the contents of your conversations. Copies of the receipts from all of your purchases would be collected, as well. They would peek in your window at home and note what you are watching on television. The list of books you checked out from the library make their way into their notes, too. The team sends all of this information to a central location every day, and the government can access all of it at a later date.

To me, that sounds bad. If the same number of people whose data the NSA currently collects via dragnet Internet surveillance were undergoing that pre-Internet surveillance, it would be farcical, like a caricature of the worst secret police imaginable. I do not want to live in a country where the government is following most people around and archiving their lives’ details. It sounds like a bit of an overreach. But that is essentially, in my opinion, the pre-Internet version of today’s dragnet surveillance.

Compare the totalitarian surveillance described above with its modern digital cousin:

The main difference between the two surveillance operations is the collection mechanism. Yes, it would be worse if the government physically followed you around to collect your data, but the collection of your data is not inherently problematic. The potential actions of an unjust entity possessing your data is the main problem, and thus government access to the data by whatever means is the concern of digital privacy advocates. The collection process has simply been privatized. Data must be collected for it to be abused. Opposing collection is a means of opposing the ultimate abuse.

A slight twist on the scenario outlined above is if you were keeping your personal data (where you went, who you spoke to, what you did for leisure) in a journal as you went about your day, and the government wanted to read your journal. The journal is your personal property and is afforded protection from warrantless search by the Fourth Amendment. I consider your data like that personal effect. Some view your personal data as business data owned by the firms whose services you use. You “generate” it but it’s the business that is processing and storing it, which costs money, and it’s used by the services in various ways. I am sympathetic to this view, but if only one designation can be afforded I think personal property should win over business data in light of the potential abuse.

The mechanism of the data collection is immaterial to the question of privacy. Keeping in mind the pre-Internet version of how surveillance would work helps clarify that point.