Tuesday, December 10, 2013
By DAVEED GARTENSTEIN-ROSS and KELSEY D. ATHERTON
Privacy in 2013 does not exist as we knew it in 2000.
But don't be fooled: The almost complete erosion of what we would have considered our private spaces at the beginning of this millennium is not entirely -- nor even mainly -- a result of the National Security Agency's surveillance. While nobody should doubt that the government's electronic spying is intrusive, we largely let online privacy slip away without any assistance from security agencies. Each step along the way was, for the most part, understandable and reasonable rather than nefarious. But the fact is that privacy in the United States is not what it used to be, and until we realize that, our debate about electronic privacy -- Manichean as it is, and focused almost exclusively on the relationship between the government and its citizens -- will fail to resurrect its value.
Four distinct factors have interacted to kill electronic privacy: a legal framework that has remained largely static since the 1970s, significant changes in our use of rapidly evolving technology, commercial providers' increasingly intrusive tracking of our every online habit, and a growth in nonstate threats that has made governments the world over obsess about uncovering these dangers. Only by understanding the interaction among these factors can we begin the necessary discussion about what privacy means in the 21st century -- and how to forge a new social compact to address the issue.
DECADES-OLD PRIVACY LAWS
While technology has massively evolved since 1979, the laws governing electronic privacy have not. Two legal frameworks, both forged in the 1970s, have fundamentally shaped our understanding of electronic privacy.
One of these frameworks is statutory. Congress passed the Foreign Intelligence Surveillance Act, which is at the heart of so much current political debate, in 1978 to govern the collection of intelligence aimed at foreign powers. Although the act has undergone multiple amendments, its language has remained eminently recognizable to lawyers active in the late 1970s.
The other legal framework is a 1979 Supreme Court case, Smith v. Maryland, which addressed whether the state of Maryland required a warrant to install a pen register (which would record telephone numbers called, but not the contents of those calls) on a suspect's home phone. The court held in Maryland's favor, finding that though the actual contents of a call were protected by the Fourth Amendment, and thus were subject to its warrant requirement, information about the call -- like the number being dialed -- was not protected. This is because the Fourth Amendment only applies when the government's actions intrude upon what might be considered a reasonable expectation of privacy. The court found that no reasonable expectation of privacy existed for the numbers a person dials: all phone users were aware that they conveyed this information to a third party, "since it is through telephone company switching equipment that their calls are completed." Further, the court noted that all phone users realize "that the phone company has facilities for making permanent records of the numbers they dial," since they see this information in their monthly long-distance bills.
In other words, when a third party is able to see what a person is doing in an electronic environment, no reasonable expectation of privacy exists. And one can draw a number of conclusions about the legal precedent Smith sets.
One conclusion is that the NSA's metadata collection appears legal. Every call that is part of this collection has, like the calls at the heart of Smith, been transmitted to a third-party commercial provider. Whether or not one thinks the law should protect metadata, Smith sets the precedent that it likely does not.
(Continued on page 2)