In Chicago for the annual meeting of the Association for Educators in Journalism and Mass Communication, I had a chance to be in the audience for the convention keynoter, Marc Rotenberg, the director of the Electronic Privacy Information Center. Beyond his highly visible work with the center, Rotenberg also chairs the American Bar Association privacy commission and teaches at the Georgetown University Law Center (and, impressively, has won the Washington, DC chess tournament).
As Rotenberg himself emphasized, it is not altogether self-evident that the interests of privacy advocates would necessarily gel with the interests of journalists. The history of Supreme Court action has frequently revealed the ways in which a constitutional right to privacy can come into direct conflict both with the First Amendment rights of expression and with the rights of journalists (such as when journalists test the limits of what personal information might be revealed in their reporting). Journalists want to publish things; privacy advocates want to keep things secret. But Rotenberg made a persuasive case that this tension should not be understood as the characteristic or normal state of affairs. He noted that privacy and expressive rights are often simultaneously jeopardized as corporations and the state both seek to act in ways that aggregate their own power. And of course he also called attention to the fact that the very same post-Watergate Congress passed both the 1974 Privacy Act and freedom of information protections. Both were seen as improving the functioning of government.
But Rotenberg’s main point was to call attention to the truly far-reaching but underreported ways in which, in 9/11’s aftermath, privacy is under siege. We have a tendency to think that the national privacy debate is mainly and rightly concentrated on arguments over the President’s executive power (especially with respect to wiretapping and FISA limits) and the justificatory cover provided by the Department of Justice. But Rotenberg sees the real action as happening not at DOJ but over at the vast Department of Homeland Security (now the federal government’s third largest agency), where pressures quietly mount to inexorably expand surveillance and database systems in ways understandably driven by serious concerns over terrorist attacks but which also risk jeopardizing the privacy rights of the American people.
These changes are both subtle and obvious, and part of what is remarkable about this is how comfortably Americans have adjusted to the new privacy-lite regime. When a person attempts to board an airplane, she consents to have her name run through a national terrorist watchlist, but what is remarkable about this is that citizens can now be impeded in ways we do not even question (if you are on the list you can be prevented from flying) although by definition, one’s appearance on the list means their actions have not yet risen to the level that warrant arrest or even genuine/official criminal suspicion (that is, if the federal government had enough information to prove a given person was a genuine security risk, one assumes that being flagged at an airport would be an arrestable offense). Or consider the program now being implemented which digitally collects 10-finger prints from travelers entering the country. Just five years ago the only persons who would have been required to submit such information were those who had been arrested and formally charged with a crime. New xray systems are being installed in airports that will provide full body images of every traveler showing them as they appear undressed. Only after EPIC pointed out to TSA that the vendor’s website bragged that the machine produced images readable and storable on any personal computer did the federal government agree that they would disable the recording function of the software.
Rotenberg’s center is now tracking how federal agencies are leaning on the states to weaken their open records and privacy protections. A recent example of this is that in creating so-called Fusion Centers, which allow the federal government access to the information collected by state police agencies, pressure is being applied so that state transparency and privacy protections will be rewritten to exempt the Fusion Center efforts. Only after a successful FOIA request did EPIC learn that Virginia had signed a contract with the federal government committing to shield the Fusion Center program from state privacy laws.
The point is not to abandon all attempts at information gathering, some of which obviously make sense and because of their minimal intrusiveness are reasonable responses to international criminal activity. But this minimal intrusiveness also means these programs must be more closely overseen since the gravest threats to liberty seem most often to arise in insecure times, when well meaning bureaucrats do their best to protect everyone else, and when publics are unlikely to aggressively assert their liberty interests (and when they do comes the inevitable suspicion: do you have something to hide?).
This is a potentially unique challenge today (Rotenberg implored journalists to more closely report all sides of this debate) because the most concerning threats to privacy are arguably not the highly visible questions we debate regarding legal authorization and presidential power, but rather center on more legally obscure and technically complicated aspects of privacy protection, such as the limits on who sees and collects surveillance data collected by cameras mounted on city light poles, what default corporate data management practices are in place (how long is data saved?, who gets access to it?, etc.), and how identification documents are catalogued and the resulting information shared, where the main agents of privacy erosion are more likely to be software engineers and designers who write unseen database collection into the code than readily identified and vilified bureaucrats. One suddenly awakes to discover he is named on a terrorist watchlist and has no idea why, nor any reasonable recourse to discover or question the source of the apparently damning information. That such database management is now so commonly handled in the private sector (by entities like Google and AT&T, whose arms-length role with federal contracting agencies often protects both from full accountability) makes the situation potentially alarming.