Friday, December 20, 2013

Privacy

I have been about to write about this subject for weeks.  But then a new revelation comes out and gives me an excuse to delay.  The latest (new Snowden revelations now seem like a continuous part of the background) is an opinion from a Federal Judge that activities of the NSA violate the Fourth Amendment of the Constitution.  Here is the entire text of the Fourth Amendment:

The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

It's short and unlike, for instance, the "commerce" clause, this language has been interpreted by the courts in a manner that pretty much aligns with how the average person would understand the meaning of the Amendment.  We are all familiar with the "search warrant" from innumerable cop shows.  A cop has to go before a judge and swear to the judge that he or she has "probable cause" to believe that if he or she searches a certain place (house, car, etc.) he or she will find a specific person (e.g. escaped prisoner) or thing (e.g. illegal drugs).  If the cop doesn't have a search warrant or searches the wrong place (i.e. car instead of house) or the cop finds the wrong thing (i.e. escaped prisoner instead of drugs) the cop can't seize whatever he or she has found.  And if he or she goes ahead anyhow the evidence obtained as a result of the impropriety is "tainted" and can't be used in a court of law.

Now there are some complexities, but let's ignore them for the moment and look at the broader picture.  We all expect a reasonable degree of privacy.  In U.S. law that flows from the Fourth Amendment.  But an expectation of privacy is found everywhere and every when.  So in the broadest context what's our expectation when it comes to privacy?

For most of history and in most of the world people lived in villages.  The village consisted of a grouping of huts.  A hut has walls, a roof, and a door.  In some cases it has one or more windows.  In other cases there were no windows.  You couldn't see or, in most cases, hear what was going on within the hut without entering it.  Universally a set of manners grew up that said you couldn't enter the hut unless you lived there or you were invited.  And it was a breach of manners to peer in through the door or windows.  So if you were outside the hut you were in public.  If you were inside the hut you were in private.  But it came to extend beyond that.

Sex has been considered a private act since time immemorial.  Sex usually happens inside the hut.  There were no interior walls or other barriers inside huts, so generally speaking the other occupants of the hut were aware of sex when it was happening.  But taboos developed where this activity was not discussed outside the hut and frequently the other occupants of the hut would ignore the fact that sex was going on while it was going on.  Other activities that happened inside the hut also became off limits to talk about.  They were private.

Many cultures use a variation of an "I see you" as a greeting.  The idea is that you are generally not there until you are acknowledged.  That transitions your activities from effectively being private (people more or less ignore what you are saying or doing) to public (what you are saying or doing goes "on the record").  So the differentiation between "private" and "public" became more sophisticated.  Various cultures developed different sets of rules but all cultures developed rules for separating activities into private and public activities.  And in many situations the boundary between private and public could become very complex.  The same act could be "private" to some observers while being "public" to others.

And technology marched on.  Huts were replaced by houses and buildings.  But the privacy rules evolved out of the "hut" model.  And oral communication became supplemented by written communication.  The adhesives that are required to construct an envelope are a modern development.  In the past a letter was folded in an elaborate way and then "sealed".  Wax was dripped in such a way as to glue the folded paper closed.  A "seal" or "signet" or "chop" was impressed into the wax.  This identified who had sealed the message and was supposed to make tampering evident.  A universal convention quickly developed that what was on the outside, plainly visible without breaking the seal, was public.  What couldn't be read without breaking the seal was private.

These conventions form the basis of the common understanding of privacy.  What's inside the building is private.  What's outside the building is public.  What's on the inside of the letter is private.  What's on the outside of the letter is public.  Elaborations and exceptions were developed.  As cultures get more complex the rules get more complex.  But this is the basic, the "natural expectation" of people when it comes to privacy.  And it comports closely with the plain language of the Fourth Amendment.  The Amendment sets out the rules.  And it specifies the proper procedure for governmental authority to use to override the rule.

Now let's be honest here.  People have been breaking the rules as long as there have been rules.  People listen at doorways or windows.  People speak about what is supposed to remain unspoken with respect to goings on within the hut.  "Black Chamber" departments of governments developed techniques hundreds of years ago for opening letters, copying the contents, and reclosing them in such a way that no (or very little) evidence of tampering remained.  Codes and cyphers were developed so that diplomats could communicate securely in spite of the fact that their sealed correspondence was being read.

But there was a very practical reason why only special people like diplomats worried about their privacy.  It was very expensive to violate privacy conventions.  So Black Chamber departments snooped in the mail of diplomats but they did not have the resources to go after more than a few people.  So the ordinary person was secure from invasions of privacy by the government.  And any non-governmental person or group was breaking the law if they snooped.

At about the time that the Fourth Amendment was written Ben Franklin was investigating electricity.  He was the first to figure out that it came in two kinds.  He posited that it normally flowed from what he called "positive" to what he called "negative".  He was right that it flows but he got the usual direction wrong.  In round numbers, the telegraph was invented about fifty years later.  In round numbers the telephone was invented another fifty years after that.  In round numbers the computer was invented still another fifty years after that.  And finally, in round numbers the Internet was invented still another fifty years later.  Combined, these inventions ultimately revolutionized the privacy game.

The "letter" model was extended to cover the telegraph.  Physically the telegram and the means used to transmit, receive, and process it are public.  There is no practical method to seal the telegram up.  It must be clearly visible to telegraph operators.  The signal can be "tapped" from the telegraph wire.  But the telegram was wrapped in a virtual envelope of privacy.  Employees of telegraph companies were to treat the contents of all telegrams as confidential.  It is illegal to tap a telegraph wire.  In a practical sense, users adopted the "diplomatic letter" model.  They used a variety of codes and ciphers to conceal the contents of their telegraph messages.  A similar approach was adopted in the case of telephone calls.  Telephone company employees were expected to treat all telephone calls as confidential.  And the "get a search warrant" procedure was extended to cover telegrams and telephone calls.  With a warrant the contents of a telegram could be disclosed to a government official.  With a warrant a telephone line could be tapped.

For a long time, computers made no difference.  They were not much used for communication.  And, to the extent they were, they were treated like another piece of communications equipment.  And in its early days the Internet made little difference either.  The Internet is designed to be an open environment.  It is the equivalent of people standing in a public square and talking to each other.  It is bad manners to listen in on the conversation of others but it is certainly possible.  If people want to keep their conversation private they should "get a room" (use something other than the Internet for their communication).  But then a revolution gradually happened.  Computers (and data storage) became unbelievably cheap.  And the speed, ease of use, and ubiquity of the Internet made it the communications channel of choice.  So now more and more communication is done over the Internet.  The cheapness of computers (both the cost of computation and the cost of storing data) and the convenience of the Internet have created a revolution that has only recently been noticed.

As I indicated above, the practical reason that guaranteed our privacy was the difficulty (both in cost and in effort) of violating our privacy.  The FBI under J. Edgar Hoover was famous for decades for tapping phones, opening mail, and doing "black bag jobs" (breaking into homes and businesses to violate the "houses, papers, and effects" of individuals and organizations).  This was completely illegal.  But Hoover's FBI concentrated their efforts on mobsters, spies, and politicians.  (The latter were targeted to secure blackmail material that was used to maintain Hoover's position of power until he died.)  The vast majority of us were safe because we did not fall into one of the above categories and Hoover did not have enough agents to broaden his list of targets.

But in the last few years there has been a profound change.  It is no longer too difficult and expensive as a practical matter to violate people's privacy wholesale.  Computers have evolved (down in cost, up in capability) enough to change the game.  The new capability is usually referred to as "big data".  Vast amounts of data can now be mined relatively inexpensively.  There is a database concept called a "join".  If you have a phone number it can be joined to a name.  The name and phone number can be joined to an address.  A name and address can be joined to a driver's license number or a credit card number or even a social security number.  From there the joins can go on and on into nearly any direction you can think of.

And as recently as a few years ago data was spread all over the place.  Your driver's license information was separate from your credit card information.  And both of them were separated from your tax information (keyed to your social security number) and your medical information (again social security number but in a separate location).  The glue that is now available is the Internet.  Making data Internet accessible is almost a necessity in the modern era.  So now joins can be used to link data from databases that heretofore could not be linked up.  But they can now because they are all accessible via the Internet.
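As an added illustration of the join chain the two paragraphs above describe (this is example code, not part of the original post), the following Python builds three constructed, separately held tables that share no single identifier and chains them from phone number to name to address to license number.  It also shows the defensive flip side: if each data holder tokenizes the shared identifiers with its own key, the same joins return nothing, but if every holder uses the same key the chain links up again.  All names, numbers and keys are constructed.

```python
"""Record linkage by chained joins, and why per-holder tokenization breaks it.

Constructed example: three data sets held by different parties, each keyed
on a different identifier, linked only through fields they happen to share.
"""
import hashlib
import hmac
import sqlite3

# Constructed sample records (not real people).
PHONE_BOOK = [("555-0100", "Ann Example"), ("555-0101", "Bob Sample")]
ADDRESS_LIST = [("Ann Example", "1 Main St"), ("Bob Sample", "2 Oak Ave")]
LICENSES = [("Ann Example", "1 Main St", "DL-0001"),
            ("Bob Sample", "2 Oak Ave", "DL-0002")]


def build_db(phones, addresses, licenses):
    """Load the three data sets into one in-memory SQLite database."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE phone_book(phone TEXT, name TEXT)")
    con.execute("CREATE TABLE address_list(name TEXT, address TEXT)")
    con.execute("CREATE TABLE licenses(name TEXT, address TEXT, license TEXT)")
    con.executemany("INSERT INTO phone_book VALUES (?, ?)", phones)
    con.executemany("INSERT INTO address_list VALUES (?, ?)", addresses)
    con.executemany("INSERT INTO licenses VALUES (?, ?, ?)", licenses)
    return con


def license_for_phone(con, phone):
    """Chain the joins the post describes: phone -> name -> address -> license."""
    row = con.execute(
        """
        SELECT l.license
        FROM phone_book p
        JOIN address_list a ON a.name = p.name
        JOIN licenses l ON l.name = a.name AND l.address = a.address
        WHERE p.phone = ?
        """,
        (phone,),
    ).fetchone()
    return row[0] if row else None


def pseudonymize(records, key, fields):
    """Replace the join-key fields with an HMAC-SHA256 token under `key`.

    The same name under two different keys yields two different tokens, so
    records held by different parties no longer join on it.  `fields` is the
    set of column positions to tokenize.
    """
    def tok(value):
        return hmac.new(key, value.encode(), hashlib.sha256).hexdigest()[:16]

    return [tuple(tok(v) if i in fields else v for i, v in enumerate(r))
            for r in records]


def main():
    linked = build_db(PHONE_BOOK, ADDRESS_LIST, LICENSES)
    print("plaintext identifiers:", license_for_phone(linked, "555-0100"))  # DL-0001

    # Each holder tokenizes its own copy of the shared fields with its own key.
    unlinkable = build_db(
        pseudonymize(PHONE_BOOK, b"phone-book-key", {1}),
        pseudonymize(ADDRESS_LIST, b"address-list-key", {0, 1}),
        pseudonymize(LICENSES, b"license-key", {0, 1}),
    )
    print("per-holder keys:", license_for_phone(unlinkable, "555-0100"))  # None

    # A shared key (or a plain unkeyed hash) restores the linkage.
    relinkable = build_db(
        pseudonymize(PHONE_BOOK, b"shared-key", {1}),
        pseudonymize(ADDRESS_LIST, b"shared-key", {0, 1}),
        pseudonymize(LICENSES, b"shared-key", {0, 1}),
    )
    print("one shared key:", license_for_phone(relinkable, "555-0100"))  # DL-0001


if __name__ == "__main__":
    main()
```

The protection comes from the keys differing per holder, not from hashing as such; a plain SHA-256 of a name is the same everywhere and joins just as well as the name does.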

And there is now another class of player.  I used to work for a bank.  And I'd watch movies where the good guy or the bad guy (depending on the movie) would instantly access all this banking data.  It was hard not to laugh.  I knew that our bank did not have this data instantly available.  It was hard to keep it available to the computers located in our data center, let alone anyone or anything located anywhere else.  And I dealt with other banks enough to know that the same was true in their case.  But that was before cash machines and ubiquitous credit card and debit card readers, all hooked up to the bank's databases so that transactions could be validated instantly and cleared instantly.  Now various methods are being worked out so you can buy stuff with your smartphone.  There are currently various incompatible schemes for doing this.  But people all over the world will be able to buy pretty much anything with their smartphone within a decade.  There's just too much money to be made once it's working for anything to get in the way.

Traditional players like banks are in the game and that's an obvious development.  But we also have new players like social media in the guise of Facebook and search purveyors in the guise of Google who are gathering vast amounts of personal data.  The old business model was "we invade your privacy but only to the extent necessary to do business with you".  So banks held personal financial data about you.  And doctors and hospitals held personal medical data about you.  And until recently this personal data was not very useful for anything other than its original purpose.  Doctors in particular have been slow to move from paper records to computerized records.  And if it's not in the computer, it is prohibitively expensive to search.

Consciously or unconsciously we knew that these old line businesses could invade our privacy.  But they had been around a while and standards and practices (and a certain amount of law) had grown up around them.  But Google is less than fifteen years old and Facebook less than ten.  And both companies and their new line brethren have been evolving rapidly.  And these new line companies have substantial big data expertise.  As a group, they invented big data.  It is the old line businesses and government agencies that are playing catch up.

In summary, we have the old line players (government, old line businesses, snoopy neighbors or business competitors) with vast new "big data" capabilities.  They are combined with new line players like search and social media players who have vast amounts of data and the capability to mine it.  The practical barriers to vast and systematic privacy invasions are gone.  They have been done in by cheap computers and Internet connectivity.  And don't forget the fact that as a practical matter we all live on the Internet now.  Illiterate rice farmers in rural villages in India are getting Internet connected via cheap low end phones whose capabilities are not to be found in sci-fi movies of 30 years ago.  We can expect the number of people who are not on the 'net to drop below a billion people within a few years and to virtually zero within a few years after that.  So what should we do?

Well, one thing not to do is to try to put the genie back in the bottle.  The Internet, cheap computers, and big data are not going to go away.  In fact, things are going to go the other way.  More stuff will get connected to the Internet and the Internet will get faster and cheaper.  Computers will also continue to get faster and cheaper.  And big data is still in its infancy.  Techniques for exploiting big data will continue to improve.  This will result in more and better ways for your privacy to get invaded.  The other thing not to try is to give up, to decide we live in an open world where more and more people have more and more capability to learn more and more about you and there's nothing that can or should be done about it.

Specifically with respect to the NSA, it looks like the worm is finally turning.  9/11 was used to scare all of us into turning the NSA loose to do whatever it could figure out how to do.  (They were also given vast amounts of money so cost was not an impediment.)  I don't know why but people were convinced that the NSA would only go after the bad guys.  Pretty much everyone can quote the old saw "power corrupts and absolute power corrupts absolutely" but people somehow believed that giving the NSA vast amounts of money and vast amounts of legal authority would not lead to incompetence, stupidity, and abuses.  It is in the nature of bureaucracies to build empires.  And when a bureaucracy can empire build in an environment where everything they do is secret and their mission is deemed critical then empires will be built.

My reading of the 9/11 commission report is that the government had all the information it needed to stop the attack.  But the information was "siloed", each bureaucracy kept its information in a "silo".  People in their organization got access to the information but people in other organizations did not.  Between the FBI, the CIA, and the NSA all the information to connect the dots and foil the plot was there.  But no one was able to put it all together because no one had access to all the information.  (The FBI is an egregious example here.  Two different supervisors shut down two different field office investigations that would have exposed the whole plot.  And here there was no siloing.  The FBI had everything it needed.)  In spite of this, additional "authorities" were given to various government agencies, but especially to the NSA.  They were authorized to vacuum up everything.  And they did.  There are supposed to be "checks and balances".  But they are pathetically weak.  And everyone who has been able to see what has really been going on has concluded that even these weak checks and balances were ignored routinely.  Read, for instance, the opinion of Judge Leon in the NSA case I referred to above ("Klayman et al. v. Obama et al. -- U.S. District Court for the District of Columbia Civil Action No. 13-0851").

The biggest problem with the NSA is that they have collected vast amounts of data into a single NSA managed repository.  The obvious fix here is to take the repository out of the control of the NSA.  A White House study has apparently recommended this.  (The study is classified but this item has leaked and the leak is presumed accurate.)  I think this is a good idea.  I think a quasi-governmental entity should be set up.  This entity should own and maintain the repository.  It should be responsible for making sure that access rules are in place and that those rules are followed.  Telcos and others who currently contribute the data to the NSA don't want the job.  Who knows where the data will come from in the future so I think a separate entity is the way to go.  This means that the government has your data but at least the possibility would exist that it was secured and administered properly.  I think the budget for this new entity should come from the current NSA budget.

I think we should also look at how much of and what kind of data is being collected.  Various claims have been made as to how valuable the data has been so far.  But the data to justify the claim is highly classified.  I have been a student of intelligence matters for a long time.  The intelligence community is fond of saying "we have had many successes but we can't talk about them".  But the record shows that in fact they have had many failures and have used the classification system to hide or minimize them.  There is usually a political advantage for information on the successes to leak out and it does.  For instance, I know of no great cold war success that did not leak out within a few years, perhaps a decade.  The cold war ended more than a quarter of a century ago.  And in that time information on a number of failures and bungled jobs has dribbled out.  See also the Leon opinion I cited above for how valuable this database has been.  He says "the Government does not cite a single instance in which analysis of the NSA's bulk metadata collection actually stopped an imminent attack, or otherwise aided the Government" (page 61 - emphasis in the original).

As a rule of thumb I recommend this:  Of everything that is classified about one percent really needs to be secret for more than a short period of time, say a year (and often much less).  About ten percent is classified to avoid oversight leading to possible embarrassment and about 90% is classified as the result of sheer bureaucratic inertia.  Bottom line:  The NSA is collecting far more data than it needs or can even make use of.  (Although "big data" techniques continue to make it easier to make use of large amounts of data.)

But that's the NSA.  And, of course, similar restrictions could be put on other government agencies.  But, as I indicated above, there are now other non-governmental players:  the new line players and the old line players that are catching up.  Laws, rules, etc. can be used to rein in the government (at least in theory -- let's see what congress actually does).  But these non-governmental players are a whole different kettle of fish.  What should be done?

I have heard a number of proposals made over the years by pro-privacy groups.  I consider most of them misguided.  A couple of lifetimes ago (here I am using Internet years) Intel was going to put an easily accessible serial number in their "486" chip.  The pro-privacy people raised such a ruckus ("they'll be able to know who I am") that Intel gave up on the idea.  So what happened?  Software designers used another of the hundreds of unique numbers found on all computers.  So developers had to write a couple of hundred extra lines of code to find something that would behave like a serial number and went ahead with their plans.  So most of the pro-privacy suggestions are pretty useless.  Okay . . .

I think that a fundamental legal principle needs to be adopted:  If the data is about you then the owner of the data is you.  Right now whatever data Google collects about your searches is owned by Google.  They can promise you anything they want about what they will or won't do with that data but at the end of the day it's their data and they can do whatever they want with it. So they do.  Facebook has gotten into trouble multiple times because they keep tweaking the privacy settings so that it becomes harder and harder for you to keep anything private.  Why?  Because they want to sell as much data about you to as many companies as they can for as much money as possible.  The more data and the higher quality the data the more valuable it is to Facebook.  I don't have a Facebook account but it seems to me that Facebook recently got in trouble for selling pictures from your "wall" to whoever wanted to buy them.

If all this data about you (i.e. the pictures on your wall) was owned by you then the legal situation would be quite different.  Now the collector of the data (Facebook, your bank, your doctor, etc.) would be given a "use" right to your data.  They would be permitted to use it in whatever manner was necessary to provide the service you signed up for.  But that would be it.  They would no longer have the right to sell the data (or trade it or lend it out) simply in order to make a buck.

This may seem off point but let's talk about world trade for a minute.  Why are Nike shoes made in China?  There are many components to the answer but I am going to single out only one.  It's because it is cheap to ship raw materials from all over the world to China and it is cheap to ship the finished shoe from China to the U.S.  Shipping is cheap.  And there are two components to this cheapness.  There is the actual cost of shipping the goods.  Then there are the tariff and non-tariff barriers or lack thereof.  As a response to the Great Depression the U.S. passed the Smoot-Hawley Tariff Act.  It succeeded in its design to increase the cost of imported goods.  Another trick is to introduce "non-tariff barriers" to trade.  Japan was particularly good at this.  They both have the same effect.  They increase the cost of imported goods or, in some cases, make importing goods completely impossible.  It should come as no surprise to learn that many countries followed the lead of the U.S. and later Japan, raising tariff (and later non-tariff) barriers that protected their domestic markets from foreign competition.  And these barriers were very successful.  Trade in the '30s when the tariff wars were at their most fierce fell to very low levels.  As barriers have slowly been removed, especially in the last few decades, world trade has grown by leaps and bounds.

I hope it is now clear why I chose to talk about trade.  Trade barriers worked as a method to reduce trade.  Data interchange used to be effectively impossible.  Think cave men on rafts.  Then it was very difficult.  Think trade around the Mediterranean a thousand years ago.  Then it was only difficult.  Think trade during the '30s.  Now it is quick and easy.  Think the current era of trade.  I suggest that the same techniques that depressed trade would depress wholesale data interchange.  Tariff and non-tariff barriers could be put into place to inhibit the current "wild west" trading of data between companies.  This would ease the pressure to invade people's privacy.

Ultimately norms of privacy protection need to be established and, where there is something to build on, enhanced.  Laws and regulations need to be put in place to protect data.  Companies need to be fined and executives need to be jailed for privacy failures.  It was recently reported that 40 million Target customers had their credit card information stolen.  Given that this kind of security failure is now common, Target will suffer some embarrassment, but very little.  I don't think they will be fined, not even by the card issuers that will actually suffer most of the loss.  And certainly no one at Target will go to jail unless it turns out to be an inside job.  The people that perpetrated this fraud are likely to get away with it.  Even if they don't, they are balancing vast potential gains against a small likelihood of getting caught and, in the worst case, a few years of jail time.  That looks like a pretty sweet proposition to me.

So things need to change.  It seems likely that things at the NSA will change.  But even that is not a certainty.  Change elsewhere is much needed but seems less likely.  Theoretically, libertarians and "defenders of the Constitution" (e.g. groups like the Tea Party) should be leading the charge.  But there is very little activity going on there.  There is some pro-privacy fire on the left.  But it is only some and powerful interests think they can be safely ignored.  Ultimately, the public needs to believe that the issue is important and that something can be done about it.  I think most of the public thinks that it is at least moderately important.  But I think most people are convinced that nothing can be done. 

Unless, of course, you are talking about any kind of information relating to guns.  Then everything can, should, and probably will be done to make sure that no one (except the NRA and gun manufacturers) has access to any kind of data about gun ownership.  If it's gun related then anyone, including foreigners and terrorists, should be able to purchase any kind of gun they want.  And they should be able to purchase as many guns and as much ammunition as they want too.  Being on the terrorist watch list is not sufficient to deny you the rights and privileges of gun ownership.