In the past two weeks it has rained cats and dogs on the US East Coast. Forget about inches of water precipitation, I am talking here of news relative to personal data rights:
- actual cash thefts consecutive to ID thefts at a unit of NTT, the Japanese telephone company, following similar leaks at competitor KDDI (1)
- recovery of hardware previously stolen with millions of ID's from the department of Veterans Affairs (see 5/30/06 fillip) (2)
- efforts by the Internet industry to fight pornography on online social networks patronized by children (3)
- adoption by the French Parliament of a new copyright law in accordance to European law (4)
- meeting in Rio de Janeiro on a "creative commons" for increasing copyrights flexibility (see 6/13/06 fillip) (5)
In terms of gallons of ink however, no story can beat the flood triggered by Eric Lichtblau and James Risen (*) by reporting on bank data surveillance by the US governement. As a matter of fact, the US administration routinely monitors movements of funds across its borders with the help of SWIFT, a service which routs electronic money transfers between banks and is located in Belgium. Ensued a lively exchange between the media and the US government as to the merits of disclosing this information to the public. The media highlighted concerns about privacy and the US government the need for secrecy to efficiently combat terrorist networks.
As the story runs its course, bipartisan counterterrorists Richard A. Clarke and Roger W. Cressey (**) provide a dampening conclusion: "it is an election year". Does this amount to nothing then but a ritual raining of elephants and donkeys? Do we just need to wait? The sky will be blue again and the sun will be bright. I think not.
Electoral politics and the economics of news reporting both go a long way to explain the flood of ink. But Bill O'Reilly (***), associated with Fox News, correctly identifies the wider stakes: "all [government] investigations might lead to privacy violations". How indeed balance personal privacy and government efficiency in the present Information Age? Let me then take this opportunity to sum up what I believe is the basis for a satisfactory solution:
- recognize individual data rights by considering:
- all personal data as property subject to the Fifth Amendment
- and its collection as a seizure of papers subject to the Fourth Amendment
- tackle the detection of suspicious activity within the framework of pattern recognition science, i.e.:
- clearly distinguish between:
- finding the best tests to recognize criminal activity from a limited sample (aka training)
- and applying those tests to all comers (aka classification)
- determine in advance how to follow up on suspicious activities as flagged by the tests approved for general release
- admit that some innocent activity is bound to be mislabelled as suspicious (the so-called false positives)
- and establish in advance how such errors will be recognized and compensated
- and use the latest technologies to implement such detection so that:
- no private data is collected until and unless the tests have flagged a suspicious activity
- all tests used in the detection process remain secret, unknown to all parties besides the government
Mind, I do not claim the three principles stated above make for swift and easy solutions. In particular finding the best tests for detection remains an issue as such tests need to evolve over time. But no efficient outcome is possible if everybody fights about extending one's rights rather than discharging one's duties:
- to the executive branch, process definition and implementation, with the rights to keep its own tests a secret
- to the legislative branch, process approval
- to the judiciary branch, redress in case of process violation
- to the media, the rights and the duty to inform the public about processes material to security and privacy
- to each person, the rights to keep one's own data private, with the duty to steer clear of abetting terrorism and other criminal activities.
In this perspective, the legality of US Government actions under current laws, both domestic and international, is a mere technicality. The more indiscriminately the US Government tries to access personal data, the more it invites the legitimate scrutiny of the media. The more the US government confuses what should be a public process with what ought to remain secret tests of detecting criminal activities, the more likely secrets may leak as the process is unveiled under media pressure.
There is a better way.
Philippe Coueignoux
- (*).... Bank Data Sifted in Secret By US To Block Terror, by Eric Lichtblau and James Risen (New York Times) - June 23, 2006
- (**).. A Secret the Terrorists Already Knew, by Richard A. Clarke and Roger W. Cressey - (New York Times op-ed page) - June 30, 2006
- (***) Times an unworthy first line of defense, by Bill O'Reilly - (Boston Herald opinion page) - June 28, 2006
- (1) Web security suffers further blow, by David Turner (Financial Times) - June, 2006
- (2) V.A. Laptop Is Recovered, Its Data Intact, by John Files (New York Times) - June, 2006
- (3) Child protection fears hit online social networks, by Aline Van Duyn (Financial Times) - June, 2006
- (4) Some Rights Reserved:Advancing Flexible Copyrights, by Larry Rohter (New York Times) - June, 2006
- (5) English Wikipedia entry on DADVSI, la Loi sur le droit d'auteur et les droits voisins dans la société de l'information - June 2006
|