Vol. 2 / No. 1 / Fall 2002  

Homeland Security & Privacy

by Ellen Alderman

Striking a Delicate Balance

Attorney Ellen Alderman, along with her co-author and fellow attorney Caroline Kennedy, has written two definitive books* and numerous articles examining how the structure of our democratic government and our laws affects the lives of American citizens. In light of Andrew Carnegie’s mandate to Carnegie Corporation of New York, exhorting the foundation to pursue “the advancement and diffusion of knowledge,” coupled with our concern for strengthening our country’s democratic processes, we asked Ellen Alderman to write this essay on the tension between homeland security concerns and privacy issues post-September 11th. Sidebars to the article present overviews of other efforts to address the troubling question of how to protect privacy in a world interconnected by the Internet and confronted by the challenges of terrorism.

September 11th, we are told, “changed everything,” but at least one thing that should have changed, has not—the conventional wisdom that we cannot protect both our country and our civil liberties, especially our right to privacy. While new efforts to increase security undoubtedly pose threats to our privacy, the trauma and rigorous self-examination of the past year present a remarkable occasion to improve privacy protection in this country—providing we are willing to do so. Just as we have now come to the conclusion that our entire homeland security apparatus needs an overhaul, so, too, we must rethink our approach to protecting our right to privacy. Indeed, many issues we must address regarding privacy and homeland security dovetail, so that committing ourselves to both will enable us to better protect our country and our liberties.

We probably made a mistake from the start when we allowed the issue to be cast as a choice between privacy and security. Certainly, if we really did have to choose one or the other, there would be no contest; we would choose security and then perhaps loathe the oppressive world we would live in. As Supreme Court Justice Antonin Scalia recently said in another context, “We can all stipulate that the safest societies in the world are totalitarian dictatorships.” Instead, it is the promise of the Bill of Rights that we do not have to choose between privacy (or any other civil liberty) and security. We can have both, yet neither will be absolute. It is not a choice, then, but a balance.

In striking this balance, as a society we have always been willing to weight the scale toward security. After September 11th, we are understandably and appropriately even more willing to lean in that direction. Yet a thumb on the security side of the scale is one thing; surrendering our privacy for security without question is quite another, and arguably dangerous because, in the process, we may give up a precious right without ensuring increased safety, and so become less free but not more secure. Thus, the key question is not which one to choose, but whether the gain in safety outweighs the loss of privacy.

Answering this question requires a kind of open-minded, rigorous, even imaginative national debate that has not traditionally characterized our engagement with these kinds of issues. Without such thoughtful evaluation, however, our failure is likely to be on both sides of the balance—not only in protecting our homeland, but also in safeguarding our right to privacy. It is imperative that we bring the process of balancing privacy and security into the 21st century, both to preserve our rights and to ensure our safety.

The American Approach to Privacy

One of the reasons there is so much room for improvement in the ways we protect our right to privacy is that we have never been particularly good at it in the first place. In general, our approach to privacy in this country has been a rather piecemeal affair. Instead of developing a comprehensive policy to protect this precious right, we have often waited until our privacy has been violated and then reacted. For example, state motor vehicle departments routinely sold our driving records until a man in California used them to stalk and murder Rebecca Schaeffer, a young actress. Spurred by the circumstances of Schaeffer’s death, in 1994 Congress enacted the Driver’s Privacy Protection Act, which generally prohibits states from disclosing personal information that their citizens submit in order to obtain driver’s licenses. Similarly, records of which videotapes we’d rented were widely available until opponents of Judge Robert Bork’s nomination to the Supreme Court obtained records of his viewing habits during his confirmation hearings (they turned out to contain nothing controversial). After that incident, in 1988 Congress enacted the Video Privacy Protection Act, which prohibits “wrongful disclosure of video tape rental or sale records.” This scatter-shot, after-the-fact approach has left a patchwork of privacy protection that is difficult to understand and often doesn’t make sense. For example, while your video rental records are protected by federal law, your medical records are not.

In the last decade, largely through the work of privacy advocates, we have become much more aware of threats to privacy that are integral to modern society. Accordingly, the issue has gained in public attention and political clout. But much of the new-found power of the privacy movement stems from concerns unrelated to public safety, such as worries about personal habits being tracked and exploited for marketing purposes; sensitive data such as health or financial records being divulged without consent; increasing press intrusion into private lives; and mounting incidents of identity theft and video voyeurism.

In the context of safety issues, though, our approach to privacy remains much like our pre-September 11th approach to security: based on outdated or erroneous assumptions and executed without any real assessment of effectiveness. Out of fear, we have been willing to cede privacy rights without considering less intrusive alternatives, or worse, without questioning whether a new security measure works at all, thus compromising not only our civil rights but also our safety. When new security measures have been implemented, we have rerely built in effective protections against abuse, a step that would protect privacy without affecting safety. And we have not provided meaningful, long-term oversight to serve the twin purposes of deterring any future abuses while also evaluating whether a security measure continues to be effective. Finally, and arguably most important of all, we fail to adequately consider what social frontiers new and stringent security measures may lead us toward and whether we really want to go there.

Alternatives

For those who fear a loss of privacy, there is reason for optimism. Many of the most promising and urgently needed security measures have little or nothing to do with privacy. Some of these measures are known as surveillance of means (which raises few privacy issues) rather than surveillance of people (which, by definition, compromises privacy). For example, security experts agree that the best protection against the terrifying prospect of weapons of mass destruction—nuclear, biological and chemical—in the hands of terrorists is to do a much better job of securing these lethal materials at their source, whether in nuclear stockpiles, laboratories or warehouses in the U.S. or around the globe. (Eight countries are known to have nuclear weapons but we are not sure exactly how many of these weapons exist or even where they are all kept. And nearly a year after the anthrax attacks, we still cannot definitively trace the source of the deadly agent.)

Similarly, we do not effectively safeguard the means—such as crop dusters, private aircraft and shipping containers—of deploying or transporting these materials. (Of the 2,000 shack-sized containers that enter the United States by land, sea and air each hour, less than two percent are opened for inspection). In addition, we must do much more to protect facilities such as nuclear reactors and water treatment plants, which are still frighteningly vulnerable targets.

More research and resources must be devoted to each of these critical components of homeland security. New technologies can help us to develop more effective devices to detect radiological (“dirty”) bombs before they detonate or to warn of a release of deadly chemicals. New scientific technologies can identify pathogens such as anthrax and smallpox before they spread. Vaccines against diseases dispersed by terrorists, as well as medicines to treat the fallout from radioactive or chemical attacks, would rob such assaults of their power to kill and terrorize. More efficient communications networks, especially between law enforcement agencies, emergency responders and medical personnel would also add to security. In June, the National Research Council (NRC), a committee of the nation’s leading scientists, engineers and physicians, issued a report lamenting our failure to harness and coordinate our country’s incredible scientific and technical resources to take these and other steps to protect ourselves. The NRC proposed a new think-tank agency, a Homeland Security Institute, to do so. The authors of the report deemed these measures “critical contributions to protect the nation from catastrophic terrorism.” None infringe on privacy.

Similarly, experts in international relations have urged that foreign policy and diplomacy (as well as education and training in these fields) be revamped to focus on gaining global cooperation to secure nuclear and other potentially devastating weapons, make countries less hospitable to terrorists, address reasons people turn to terrorism in the first place, rehabilitate America’s image in certain parts of the world and develop other strategies to help safeguard the United States. Again, these crucial steps have little to do with our privacy rights.

Of course the most far-reaching security proposal of all, restructuring the United States government to address glaring lapses in the infrastructure of homeland security, does not infringe on privacy. In fact, the task of merging all or part of 22 agencies into one Department of Homeland Security, as has been called for by President Bush, with the intent of fixing the rampant defects in each—as well as coordinate with the FBI and CIA—is so extensive and complex a project that it is possible we cannot truly know the extent to which additional intrusive security measures are necessary, or how beneficial they might be, until we get these sweeping changes in place.

Given that there are many directions to follow in pursuit of security, we need to be sure that our government has done everything possible to protect us and our nation without weakening our rights. And we have ample cause for concern. The list of shortcomings in existing security safeguards have already come to light. Recently, for instance, Attorney General John Ashcroft announced plans to have the Immigration and Naturalization Service (INS) fingerprint 100,000 Middle Eastern visa holders; the next day, the Justice Department’s own inspector general testified before Congress that the INS and FBI were “years away” from processing the fingerprint files already on hand. Tens of thousands of foreigners are illegally obtaining Social Security numbers each year (and the identification papers that go with them) by using fake documents such as visas and green cards simply because the Social Security Administration does not have a system to verify records with the INS. When this report appeared in The New York Times, readers wrote in with 800 numbers to call and web sites to check to find the information the Social Security Administration was unable to obtain. And this past July, John Magaw was forced to resign as head of the newly created Transportation Security Administration less than six months after taking the job because of the agency’s failures in a number of areas, including delays of many months in conducting tests on procedures to close loopholes in checked-baggage security and putting ordinary travelers under intense scrutiny while not putting measures in place to investigate passengers who should raise concerns. Is this really the best our nation can do?

Effectiveness of Intrusive Measures

Even when we do consider intrusive new security devices or surveillance programs, we have a flawed process for doing so. Historically we often have begun with an inaccurate assumption, namely that more surveillance (and less privacy) must equal more security. How could it not, we think? If the authorities can see more of us, isn’t it less likely one of us will have an opportunity to do harm? Not necessarily.

Some new security measures simply do not work as we imagine. For example, one of the most highly touted devices is Face Recognition Technology (FRT), a system that, when coupled with closed-circuit surveillance cameras, can scan faces in a crowd and compare them to a data bank of suspected terrorists. Yet, by the Department of Defense’s own report, the best of such systems makes a correct match only about two-thirds of the time. Some systems have only a fifty percent success rate. More important, even if the identification component is improved, the system is only as good as its database—and the database of photographs of suspected terrorists is tiny: we simply do not have pictures of the many individuals around the globe who are a threat to us. For the most part, we aren’t even know who they are. Jeffrey Rosen, associate professor of law at George Washington University Law School, studied the FRT system in England, where it has been in widespread use for years. Rosen reports that British authorities have not captured a single terrorist using the system. Nonetheless, FRT is now gaining momentum in the United States. By relying on such a system, are we missing the opportunity to pursue the development of something else that may better protect us?

At airports, we are testing a new Superman-style x-ray device called a BodySearch that can see through your clothes, presenting a naked picture of you on a screen and revealing weapons or drugs concealed beneath your garments. But as the July 4th shooting at the El Al airlines ticket counter at Los Angeles International Airport indicates, unless every individual who is allowed anywhere near an airport is stripped naked, even going to the BodySearch extreme may not improve airline security. Also, last spring, during an undercover investigation at 32 airports across the country, screeners missed guns 30 percent of the time, simulated explosives 60 percent of the time and knives 70 percent of the time. This was in the months immediately after September 11th. Security experts said they were not surprised and assured us that new federal baggage screeners being hired will do a better job.

But it is surprising—and appalling—that 70 percent of the weapons of choice for September 11th sailed through security and onto airplanes immediately following the carnage. Isn’t there even a normal post-tragedy uptick as those on duty work under increased scrutiny and fear of facilitating a catastrophe? Wouldn’t people with no training at all do roughly as well? Such an egregious across-the-board failure suggests, at least, that there is something fundamentally wrong with the process itself. Perhaps people staring at x-ray screens for hours on end, day after day, no matter how good the pay and training, is not the best setup for ensuring our safety, and laying ourselves bare, as we now do our luggage, is not going to change that. Some have called for a clean slate, saying that we should reconsider airport security from the ground up rather than layer new surveillance devices onto a faulty system. In its report, the NRC warned that while the new Transportation Security Administration is charged with overhauling airline safety, it does not have a systematic approach for evaluating the effectiveness of its programs, has no scientific expertise to identify technological needs, nor any scientists or engineers who can fulfill them.

In fact, we have never been particularly systematic or exacting when it comes to evaluating security measures. For instance, if crime rates fall in neighborhoods with surveillance cameras, the cameras tend to get the credit without considering whether the drop is due to social or economic changes in the area, or whether the criminal activity simply moved down the street. Now, when the proposed measures are as intrusive as the BodySearch or a national identification system, and the harm we are faced with is as devastating as September 11th, we have to be much more exacting in determining just how effective a proposed security device is. Sometimes more intrusive measures are not the best way to improve public safety, they are just the easiest.

Protecting Against Abuse and Misuse

Although we cannot always be sure whether or not security measures will keep us safe, we can be certain that there’s a good chance they will be abused and used in ways we never intended. When tavern owners began using bar-coded drivers licenses to keep out underage drinkers, they were surprised—and delighted—to realize that they ended up with a database of names, addresses, ages, even social security numbers that could be exploited for marketing.

Video surveillance has created even more notorious opportunity for abuse ranging from male operators using the system to zoom in on women’s body parts (sometimes preserving an image as a wall poster) to a kind of virtual profiling system with cameras focused on individuals from a particular ethnic group. (Jeffrey Rosen found these misdeeds flourishing under the British surveillance system). Yet, as of this writing, police officers in our nation’s capital have 14 cameras in use that have the ability to link up with and access hundreds of additional cameras in the city’s schools and subways, and at a recent meeting in Washington, D.C., city officials admitted there were no standards in place regarding where the cameras could be installed, who could monitor them or how long the information would be kept on file.

In the private sector, video Peeping Toms have thrived, hiding cameras in dressing rooms, restrooms and bedrooms. The law, as usual, has had to play catch-up. Some egregious violations of privacy, such as secretly videotaping lovemaking, have gone unpunished simply because there was not yet a law that said it was wrong.

We agree to give up our privacy to be more secure, not to assist marketers, entertain bored security guards, or worse. Some of the abuses and misuses of security measures are relatively harmless, some are devastating and many are preventable. There is no reason to set up security systems that practically invite abuse. Safeguards can be built in from the start, through both law and technology.

When privacy issues began to gain attention in areas other than homeland security, they were not only a major consideration in the development of new products, but also became a selling point. For instance, when a supermarket chain’s frequent buyer card was exposed as a means to collect data about shoppers, a rival chain touted its own “privacy friendly” card. When the Internet marketing giant DoubleClick admitted it used “cookies” to amass information on unsuspecting web surfers, it was a disaster for the company and gave bragging rights to competitors who did not “put their hand in the cookie jar.” And recently, Microsoft introduced Palladium, a new system kicking off a mind-boggling long-range plan to change the architecture of personal computers as we know them, in large part to address privacy concerns. When privacy becomes a priority, resources and ingenuity go into creating new possibilities for protection.

There is no reason the same effort and energy cannot be applied to homeland security measures. The NRC’s proposed Homeland Security Institute, or something like it, could harness our best brains and resources to devise measures to keep us safe and protect privacy at the same time. We can also do a better job of protecting privacy in legislation that authorizes intrusive measures. When Congress gives law enforcement new or broader powers to listen in on phone conversations or read e-mail for example, the increased access can be restricted to cases of suspected of terrorism. It can even be stipulated that such access is extraordinary and not to be extended to traditional law enforcement concerns. Any new security measures should also include protection against abuse, backed up by strict sanctions for those who misuse them. If a statute is enacted in an emergency, it should contain a “sunset” clause providing for its expiration at a set time. After rigorous review of how well a law has worked and evaluation of the alternatives, a law may be reinstated.

Congress took some of these steps in October 2001 when it passed the mammoth USA Patriot Act. The Patriot Act gives law enforcement sweeping new powers of surveillance, among them: greater ability to share information among different law enforcement groups; greater authority to use “sneak and peek” warrants to conduct a search without notifying the target (e.g., searching your home when you’re not there); and the new power to obtain information about an individual’s Internet activity simply by “certifying” that the information is “relevant” to an investigation (critics liken this search to demanding that a librarian reveal all the material you perused at your local library).

Congress was able, in just a few weeks, to pass this 342-page law, which amends some 15 statutes because, in essence, the blueprint for it had already been drawn. Law enforcement agencies had been trying to get this kind of authority for years. In the immediate aftermath of September 11th we were willing—eager really—to give the authorities the benefit of the doubt. But now, law enforcement and Congress should do their part to assure us that these were indeed the right steps to take. The new surveillance powers were justified as essential to fight terrorism, but the claim began to lose credibility when, in some instances, such as the “sneak and peek” warrants, the new authority was extended to all criminal investigations. Many of the provisions have a sunset clause of 2005, but the most controversial one, lowering the standard for surveillance of Internet use, does not. All of the provisions should have sunset clauses and Congress, in its oversight role, should make them meaningful.

Oversight

Legislation such as the Patriot Act—and a new approach to privacy in general that emphasizes effectiveness of proposed intrusive security measures, considers nonintrusive alternatives and builds in privacy safeguards—will work only if we strengthen a crucial element that has been neglected, even after September 11th, in our approach to both security and privacy: we need a much more vigorous oversight system to ensure that our new security measures are indeed protecting us and are not being abused.

At least some of the privacy concerns raised by recent legislation and policy changes that give more surveillance power to federal law enforcement can be addressed by rigorous oversight. The FBI has eased restrictions on agents’ ability to surf the web and attend certain political and religious gatherings in the course of an investigation. Both seem like reasonable measures, but restrictions were put on these activities because of past egregious abuse, such as the FBI’s notorious COINTELPRO program, which went on for years. (In the early 1970s, COINTELPRO was exposed as a domestic counterintelligence program run by the FBI and aimed at a broad range of activist groups; the methods COINTELPRO agents employed went far beyond surveillance, including the use of force and fraud, and abused numerous constitutionally protected rights.) So, if after September 11th, we want law enforcement again to have more surveillance power, let’s also understand how important it is to keep a better eye on them this time.

In regard to the Patriot Act, by 2005, law enforcement officials should demonstrate that the new surveillance powers are working, are not being abused, are still necessary, and are still the least intrusive means of getting the job done. Lawmakers should be willing to revise, rescind or overhaul the law as necessary. If handled properly, the Patriot Act and FBI policy changes may show us that, in some instances, the best way to strike the balance between privacy and security is not in refusing to allow more surveillance, but in insisting on more oversight. There may be times when our best protection is not to decrease the government’s ability to see us, but to increase our ability to see them. And to demand accountability.

Congressional oversight is part of the proposed new homeland security plan, of course, but it cannot be the hodgepodge of committees and subcommittees (88 by one count) that now oversee pieces of homeland security. It is not just the homeland security infrastructure, but also the oversight apparatus that needs an overhaul, including procedures to safeguard sensitive information while affording proper review. Some have also suggested strengthening the inspectors general who currently investigate federal agencies and removing them from the departments they are charged with overseeing. Still others propose an independent committee made up of experts in the field who would gain proper security clearances and oversee certain aspects of the homeland security program. The ultimate answer will likely be a combination of all these possibilities.

Long-Term Consequences

Finally, we have to better understand the long-term consequences of relinquishing some of our privacy in any given situation. In this we have failed as often as our elected officials. The loss of privacy appears simple enough—it manifests itself in how a naked image of ourselves may be examined, how what we do in public may be captured on videotape, or how our e-mail may be read at random. Yet even these intrusions may be only the beginning. Historically, new security measures never turn out to be temporary. Nor do they stay where they are put. They creep out, multiply and procreate, slowly insinuating themselves into other areas of our lives well beyond the original public safety concern. They gradually change our behavior, our idea of what we should be able to keep to ourselves and even our laws.

Consider drug testing. Just a generation ago it was unthinkable that we would urinate upon command with a monitor outside the stall listening and waiting to send the sample for testing. Random drug tests first reached the Supreme Court as a public safety measure involving railway workers. Though still repugnant in other areas, drug testing began to make sense for those in safety-sensitive jobs such as train engineers, airline pilots and workers at nuclear reactors. Then such testing began to spread to other jobs only tangentially related to public safety, and finally into the private sector where employers now routinely require urine samples from prospective corporate employees justifying the demand on the basis of productivity and profit concerns, not security.

In schools, the process was similar. The Supreme Court first upheld random drug testing for students who wanted to play sports in a school with a proven drug problem, where athletes were the leaders of the “drug culture.” With that license, other schools began random drug testing of all students who wanted to participate in any extracurricular activity. One Oklahoma school with no known drug problem required a urine sample from participants in the future homemakers club, band and choir. This past June, the Supreme Court upheld that program too.

The proliferation of video cameras has been more subtle and extensive. Their use in public also began as a public safety measure, first appearing in likely robbery targets such as banks and convenience stores. We barely noticed when the devices—renamed security cameras—began creeping into other stores, lobbies, elevators, restaurants, malls and out into the streets. (Even before September 11th, there were more than 2,400 video cameras trained on the streets of New York City). Then, in many instances the cameras were networked, grouped together to form a comprehensive surveillance system in which multiple scenes could be funneled into one command center. The National Parks Service recently announced plans to install such a closed-circuit television system at the Washington Monument and the Lincoln, Jefferson, Roosevelt, Vietnam and Korean War Memorials in the nation’s capital.

It is crucial to understand that in accepting these security measures bit by bit, we are not only changing our behavior and our idea of what we can keep private, we are also changing the laws that legitimize these intrusions. Most of the security measures proposed in the past year (for example, airport searches, wiretaps, e-mail intercepts, video surveillance and the BodySearch system) will be governed by the Fourth Amendment, which prohibits “unreasonable searches and seizures.” The Supreme Court has declared that the Fourth Amendment protects Americans’ “reasonable expectation of privacy.” To decide what we can reasonably expect to keep private, courts do not look to an objective standard of what should be private in a free society; among other things, they look to us. (In a recent example of how changing social mores can influence law, this past summer the Supreme Court banned executions of the mentally retarded, citing a growing national consensus against such acts.) If the government intrudes on us in a certain way and we go along with it, that is a good indication that we do not consider that area of our lives private. The more we accept, the less we can expect, as a practical matter and as a matter of law.

Striking a Balance

The new mantra is that “everything has changed”; if that’s true, then the changes must include the way we strike the balance between privacy and security. September 11th stripped the emperor’s clothes from our national security apparatus and revealed terrible failings in the way we protect our country. We are now overhauling our whole approach to homeland security. We should do the same for our equally flawed approach to protecting privacy.

It was the expectation of our founding fathers that we would always find ways to balance our civil liberties and the nation’s security without abandoning either. We can do much better in protecting both our homeland and our privacy, and in finding the right balance. If we do not, it is a failure, not of our constitutional system, but of the collective will of the people and of our imagination.

*In Our Defense: The Bill of Rights in Action (William Morrow & Co., 1991); The Right to Privacy, (Knopf, 1995)

Vol. 2 / No. 1 / Fall 2002