Visit NAP.edu/10766 to get more information about this book, to buy it in print, or to download it as a free PDF.
Suggested Citation:"9 Privacy, Law Enforcement, and National Security." National Research Council. 2007. Engaging Privacy and Information Technology in a Digital Age. Washington, DC: The National Academies Press. doi: 10.17226/11896.
The tension between individual privacy and law enforcement or national security interests has been an enduring force in American life, its origins long predating the advent of new media or current technologies. Nowhere else is the tension between “it’s none of your business” and “what have you got to hide” so easily seen. 1
Although these tensions predate the information revolution, new technologies, new societal contexts, and new circumstances have sharply intensified that conflict, and even changed its focus. Section 9.1 focuses on the uses of information technology in law enforcement and discusses the pressures that such uses place on individual privacy. Section 9.2 does the same for national security and intelligence.
As an illustration of the latter, Houston police chief Harold Hurtt referred to a proposal to place surveillance cameras in apartment complexes, downtown streets, shopping malls, and even private homes to fight crime during a shortage of police officers and told reporters at a police briefing, “I know a lot of people are concerned about Big Brother, but my response to that is, if you are not doing anything wrong, why should you worry about it?” See Pam Easton, “Houston Eyes Cameras at Apartment Complexes,” Associated Press Newswire, February 15, 2006.
Suggested Citation:"9 Privacy, Law Enforcement, and National Security." National Research Council. 2007. Engaging Privacy and Information Technology in a Digital Age. Washington, DC: The National Academies Press. doi: 10.17226/11896.
By its very nature, law enforcement is an information-rich activity. The information activities of law enforcement can be broken into three categories.
All of these gathering and analysis activities have been altered in basic ways by functional advancements in the technologies that have become available for collecting, storing, and manipulating data.
In actual practice, these categories can overlap or the activities in each category can occur in several temporal sequences. When a police officer observes someone breaking a law, the officer is determining that a law has been violated, gathering information about who broke the law (presumably the person he or she is observing), and gaining evidence that may be introduced in court (the testimony of the officer).
The essential difference between these categories is the locus or subject about which the information is gathered. In the first category concerning the breaking of a law, the locus of information is the event or activity. In the second sort of activity, the locus is the determination of an individual or set of individuals involved in the activity. In the third category, information associated with categories one and two are combined in an attempt to link the two in a provable way.
Although activities in the first category usually precede those in the second, this is not always the case. Law enforcement authorities have been known to start with “suspicious people” and then seek to discover what laws they might have broken, might be breaking, or might be planning to break. This is one of the rationales for certain kinds of undercover activity and is frequently regarded as more controversial.
These distinctions are important because they help to differentiate cases that generate concern about invasions of privacy from those that involve less controversial uses of the state’s investigatory power.
Suggested Citation:"9 Privacy, Law Enforcement, and National Security." National Research Council. 2007. Engaging Privacy and Information Technology in a Digital Age. Washington, DC: The National Academies Press. doi: 10.17226/11896.
Concerns about privacy invasions often involve the possibility that law enforcement officials can cast an unduly broad net, or one that is seen as discriminatory, as they gather information about persons in the absence of specific reasons to suspect that these individuals have violated some particular law.
A case in which an individual is targeted to see if he or she has violated a law is conceptually (and legally and morally) different from a case in which information is gathered about an individual as part of an investigation into a known or suspected violation of law or in which there are other grounds for suspicion. In the former case, information may be gathered about individuals who in fact were not involved in a violation—which is different in kind from the task of assembling information about an individual in the hope of finding a violation of law.
The potential for data gathering targeted at a particular individual or set of individuals to aid in the discovery of previously unknown violations of the law, or the risk that data gathered by law enforcement may be used for political or harassment purposes, often underlies efforts to restrict the kinds of information that law enforcement agencies can gather and the ways in which it is gathered. Even if the information is never used, the very fact that considerable amounts of data have been collected about individuals who have not been accused or convicted of a crime ensures that substantial amounts of information about non-criminals will end up in the databases of law enforcement agencies. Moreover, with such data a permanent part of their files, citizens may be concerned that this information will eventually be misused or mistakenly released, even if they are not suspects in any crime. They may even engage in self-censorship, and refrain from expressing unpopular opinions. For individuals in this position, issues such as recourse for police misbehavior or carelessness are thus very important.
Nor are worries about the gathering of information by law enforcement agencies restricted to how that information could be used in legal proceedings. Such proceedings are governed by the laws and professional ethics that protect the privacy of the individual, and the inappropriate use (in a criminal context) of information gathered by law enforcement agencies can be balanced by judicial review. However, even the suspicion of wrongdoing or being a “person of interest” can have an effect on an individual’s ability to fly in a commercial airliner, obtain certain kinds of permits, gain some kinds of employment, obtain financial services, or conduct business. For example, watch lists, such as those used by the Transportation Security Agency, are not subject to the same level of scrutiny as evidence in a court of law yet can still affect the lives of those whose names appear on such lists. These uses of information are often not
Suggested Citation:"9 Privacy, Law Enforcement, and National Security." National Research Council. 2007. Engaging Privacy and Information Technology in a Digital Age. Washington, DC: The National Academies Press. doi: 10.17226/11896.
balanced by judicial or any other kinds of review, leaving the individual at a severe disadvantage when information is inaccurate or incomplete. 2
None of these concerns about balancing the need for law enforcement agencies to gather information and the need of the citizen for privacy are new. What is new are the modern information technologies that law enforcement agencies can now use to observe situations and identify individuals more quickly, more accurately, and at less expense than ever before. These technologies include surveillance cameras, large-scale databases, and analytical techniques that enable the extraction of useful information from large masses of otherwise irrelevant information.
The sections that follow describe a number of technologies that allow law enforcement agencies expanded capabilities to observe, to listen, and to gather information about the population. Just as the ability to tap phone lines offered law enforcement new tools to gather evidence in the past century, so also these new technologies expand opportunities to discover breaches in the law, identify those responsible, and collect the evidence needed to prosecute. And just like the ability to tap telephones, these new technologies raise concerns about the privacy of those who are—rightly or wrongly—the targets of the new technologies. Use of the technologies discussed requires careful consideration of the resulting tension posed between two legitimate and sometimes competing goals: information gathering for law enforcement purposes and privacy protection.
As a point of departure, consider the issue of privacy as it relates to government authorities conducting surveillance of its citizens. Using the anchoring vignette approach described in Chapter 2 (see Box 2.2), a possible survey question might be, How much does [your/“Name’s”] local town or city government respect [your/“Name’s”] privacy in [your/her/his] routine local activities? Here are a number of possibilities:
See, for example, Peter M. Shane, “The Bureaucratic Due Process of Government Watch Lists,” Ohio State Public Law Working Paper No. 55, February 2006, available at http://ssrn.com/abstract=896740.
Suggested Citation:"9 Privacy, Law Enforcement, and National Security." National Research Council. 2007. Engaging Privacy and Information Technology in a Digital Age. Washington, DC: The National Academies Press. doi: 10.17226/11896.
These vignettes, ordered from most to least privacy-protecting, illustrate only a single dimension of privacy (namely image-based personal information), but they are a starting point for knowing what must be analyzed and understood in this particular situation, and what decisions society will have to make with respect to the issues the vignettes raise.
Whether it is used to see that a law has been or is being broken, to determine who broke the law, or to find a suspect for arrest, physical observation has historically been the main mechanism by which law enforcement agencies do their job. Physical observation is performed by law enforcement officers themselves, and also by citizens called as witnesses in an investigation or a trial. The vignettes above suggest that physical observation has evolved far beyond the in-person human witness in sight of the event in question.
When individuals are watched, particularly by the state with its special powers, privacy questions are obviously relevant. The usual expectation is that, unless there is a reason to suspect an individual of some particular infraction of the law, individuals will not be under observation by law enforcement agencies. But because of advances in technology, the means by which law enforcement can conduct physical observation or surveillance have expanded dramatically. New technologies that provide automated surveillance capabilities are relatively inexpensive per unit of data acquired; vastly expand memory and analytical ability, as well as the range and power of the senses (particularly seeing and hearing); and are easily hidden and more difficult to discover than traditional methods. They can be used to observe violations of law as well as a particular individual over extended periods of time unbeknownst to him or her.
Today, for example, the use of video cameras is pervasive. Once only found in high-security environments, they are now deployed in most stores and in many parks and schools, along roads, and in public gathering places. A result is that many people, especially in larger cities, are under recorded surveillance for much of the time that they are outside their homes.
Law enforcement officials, and indeed much of the public, believe that video cameras support law enforcement investigations, offering the prospect of a video record of any crime committed in public areas where they are used. Such a record is believed to have both investigatory value
Suggested Citation:"9 Privacy, Law Enforcement, and National Security." National Research Council. 2007. Engaging Privacy and Information Technology in a Digital Age. Washington, DC: The National Academies Press. doi: 10.17226/11896.
(in identifying perpetrators) and deterrent value (in dissuading would-be perpetrators from committing crimes). 3 However, these cameras also give those who operate them ever more information, often in the form of a reusable and possibly permanent record regarding where many law-abiding individuals are, who they are with, and what they are doing.
Another example concerns automobiles equipped with tracking systems, such as General Motors’ OnStar system, that permit the location tracking to a fairly fine resolution of anyone holding a cell phone. (Such systems may be based on the use of GPS or on cell phones that provide location information as part of E-911 services.) By tracking people’s position over time, it is also possible to track their average speed, 4 where they have been, and (by merging the positional information for multiple people) with whom they might have met. If such tracking is recorded, correlations can be made at any time in the future. Indeed, given the right monitoring equipment and enough recording space, it is even possible that the locations of every person for much of a lifetime could be made available to law enforcement agencies or even family members or researchers.
Similar issues regarding data reuse arise with respect to the use of video cameras for the enforcement of traffic regulations. In many cities the traffic lights have been equipped with cameras that allow law enforcement agencies to determine violations of red-light stop zones simply by photographing the offending vehicles as they pass through the red light. Such images allow local police agencies to automatically send red-light-running tickets to the vehicle owners. Even such a seemingly straightforward use of surveillance technology, however, brings up a host of privacy
It is unquestionable that video records have had forensic value in the investigations of crimes that have already been committed. The deterrent effect is less clear. A study done for the British Home Office on the crime prevention effects of closed-circuit television (CCTV) cameras systematically reviewed two dozen other empirical studies on this subject and concluded that, on balance, the evidence suggested a small effect on crime reduction (on the order of a few percent) and only in a limited set of venues (namely, car parks). The deployment of CCTV cameras had essentially no effect in public transportation or in city-center contexts. Welsh and Farrington also noted that poorly controlled studies systematically indicated larger effects than did well-controlled ones. See Brandon Welsh and David Farrington, Crime Prevention Effects of Closed Circuit Television, Home Office Research Study 252, August 2002, available at http://www.homeoffice.gov.uk/rds/pdfs2/hors252.pdf.
A lower-tech version of this capability is inherent in toll systems on highways. For some highways, periodic toll plazas on turnpikes were replaced by a system in which the driver picked up a ticket at the point of entry that was then used to determine the toll at the location where the car exited. Given that these tickets included the time of entry into the turnpike, there were concerns that the tickets could also be used upon exit to determine if the car had exceeded the speed limit. Stories of such secondary use have the ring of urban myth, but they continue to surface on the Internet and are certainly consistent with what the technology enables.
Suggested Citation:"9 Privacy, Law Enforcement, and National Security." National Research Council. 2007. Engaging Privacy and Information Technology in a Digital Age. Washington, DC: The National Academies Press. doi: 10.17226/11896.
issues. For example, consider that these cameras could also be used to trace and record the presumed locations of people based on the observed time and location of their cars. That is, they could take pictures even when no car was running a red light. Such a concern is based on the future possibilities for repurposing the information gathered by such cameras rather than on the purpose for which these cameras were originally deployed.
Note that nothing intrinsic in the use of a video system to catch those running traffic lights enables secondary use of the information. The system could be designed in such a way that only those images showing someone running a red light were kept, and all other images were discarded immediately. Such a system could not be used to track the location of any but a small number of vehicles. Designing such a system in this way is simple to do when the system is first being built but is far more difficult once the system has been installed. However, privacy concerns associated with possible secondary uses are usually not raised when a system is designed, if nothing else because those secondary uses are not yet known or anticipated.
It could be argued that a video camera at the stoplight is no different in principle from posting a live police officer at the same place. A police officer can issue a ticket for a car that runs a red light, and if a live police officer on traffic detail at the intersection is not a threat to privacy, then neither is the placement of a video camera there. Others, however, would argue that a live officer could not accurately record all vehicles passing lawfully through the intersection, and could not be used to trace the movements of every vehicle passing through a busy intersection—lawfully or not—in the way that a video camera can. The image-retention capacity of a video system vastly exceeds that of even the most astute human observer and thus allows the tracking of all vehicles, not just those that are of interest at the time they move through the intersection. The images stored by the video system can, in principle, be not just those of vehicles that have violated the law, but of all vehicles that have passed by the camera.
In addition, information gathered by a video camera ostensibly deployed to catch cars running a red light can be used for other purposes, such as tracking the location of particular cars at particular points in time, or finding speeders (this would require combining of information from multiple cameras at multiple locations)—purposes that are not possible with a human officer. Further, when the images are stored, law enforcement agencies gain the capability to track what individuals have done in the past, and not just what they are currently doing. The worry is that once the information has been gathered and stored, it will be used in a variety of ways other than that for which it was originally intended. Such “feature creep” is possible because what is stored is the raw information, in image form, which can be used in a variety of ways.
Suggested Citation:"9 Privacy, Law Enforcement, and National Security." National Research Council. 2007. Engaging Privacy and Information Technology in a Digital Age. Washington, DC: The National Academies Press. doi: 10.17226/11896.
Finally, video surveillance is far less expensive than the use of many human officers. From an economic point of view, it is impossible in large jurisdictions to station officers at every intersection, but placing a video camera at many intersections is much less expensive and within the means of many police departments. An important check on executive power has always been based on the allocation of resources, and if technology can enable a greater amount of police activity—in particular, more surveillance—for the same cost, the introduction of that technology changes the balance of power. Perhaps most importantly, this change in the balance of power is often unnoticed or not discussed—and when it is, a dispute about the amount of police activity must be resolved explicitly on policy grounds rather than implicitly on economic grounds.
Beyond video technologies such as those discussed above, there is also the prospect that emerging technologies can extend the reach of observation from public spaces into what have traditionally been private spaces. There has been some use of infrared detectors to “look through” walls and see into a suspect’s home; 5 although the Supreme Court recently suggested that such law enforcement surveillance tactics might violate the resident’s “reasonable expectation of privacy” (Section 1.5.5), the courts have not categorically rejected the use of such sophisticated imaging devices. If environmental sensors become pervasive, it may in the near future become possible to infer the location of people from the information gathered for purposes such as energy conservation—and to infer identities by correlating that information with other recorded information (such as building access records).
The conditions under which law enforcement agencies will or should have access to such information raises difficult questions both of law and of policy. Concern over the potential use of such sensitive information lies at the heart of many privacy-based concerns about the deployment of such technologies. The deepest concern, from the privacy perspective, is the potential for combining constant and non-obvious data gathering and the ability to assemble the data gathered to give the effect of largely constant observation of any space, whether public or private. Such a prospect, combined with the temporally permanent nature of the data when they are stored, appears to give law enforcement agencies the ability to constantly monitor almost any place and to have access to a history of that
A number of court cases have been brought addressing the question of whether the use of a thermal-imaging device aimed at a private home from a public street to detect relative amounts of heat within the home constitutes a “search” within the meaning of the Fourth Amendment. The definitive ruling on this point is the decision of the U.S. Supreme Court in Kyllo v. United States, No. 99-8508 and decided on June 11, 2001, which held that it is a search and thus must be governed by the apparatus designed to protect the public against unreasonable searches.
Suggested Citation:"9 Privacy, Law Enforcement, and National Security." National Research Council. 2007. Engaging Privacy and Information Technology in a Digital Age. Washington, DC: The National Academies Press. doi: 10.17226/11896.
place. Together with the ability to aggregate and mine the data that have been gathered (discussed below), this prospect would appear to give law enforcement enormous amounts of information.
The most serious issues arise if and when such technologies enable monitoring of specific individuals. Many present-day technologies indicate bodies, but not the identities of the persons who own those bodies. Future technologies may enable the identification of individuals—that is, the high-accuracy association of specific names with the bodies within view—in which case the privacy concerns are accentuated many-fold. (Even today, modern cell phones with location identification capabilities yield information about the whereabouts of individuals, because of the generally unviolated presumption that individuals carry their cell phones with them.)
Both communication and data storage technologies have long been of interest and use to the law enforcement community. Being able to observe and overhear the discussions of those suspected of breaking the law and to obtain records of criminal activity has been an important means for gaining evidence—but has also created inevitable threats to principles of privacy.
The primary difference between records and communications is that by definition, records are intended to persist over time, whereas communications are more transient. Transient phenomena vanish, and they are generally more private than persistent entities that can be reviewed anew, copied, and circulated. For this reason, technologies that threaten the privacy of records are often seen as less problematic than those that threaten the privacy of communications.
For keeping records private, the most common technique used has been to hide the records in a location known only to their owner. One can “hide” records by placing the file in a secret location (e.g., in an “invisible” directory on one’s disk, on a CD-ROM stored under the mattress or under a rock in the back yard or in a safe deposit box, or embedded secretly in another document). Today, there are few generally applicable technologies that enable law enforcement authorities to find records in a secret location without the (witting or unwitting) cooperation of their owner. Thus, debates over the appropriate balance between the privacy of records—even digital records—and the needs of law enforcement authorities for those records have been relatively straightforward, and based on the ability of law enforcement authorities to compel or trick the owner into revealing the records’ location. (The use of encryption to hide records, discussed in more detail below, presents a wrinkle in this debate, but the
Suggested Citation:"9 Privacy, Law Enforcement, and National Security." National Research Council. 2007. Engaging Privacy and Information Technology in a Digital Age. Washington, DC: The National Academies Press. doi: 10.17226/11896.
same techniques are available to law enforcement authorities to compel or trick the owner or others into revealing the decryption keys that would allow law enforcement access.)
But history paints a much different picture when it comes to communications. For the interception of telephone conversations, e-mail, and Internet-based communication, the proper balance between the claimed needs of law enforcement for access to such communications, and the privacy interests of persons who are the participants in the targeted communication, has been elusive and more difficult to define.
When the Bill of Rights was enacted, communication consisted either of spoken language (which could only be heard directly) or written. Written communications are a type of record, and such records can be obtained by law enforcement personnel as the result of a search (under rules covered by the Fourth Amendment). But what of written communications being sent through the mails—were these communications more like utterances made in public, and therefore not subject to the same explicit protections of privacy, or were they more like records private and covered by the protections of the Fourth Amendment?
In the case of mail carried by the U.S. Postal Service, the decision was that the outside of the mail (such as the address and return address) was public information, and not covered by the need for a search warrant, 6 but that any communication inside the envelope was considered private and any viewing of that information by law enforcement required a search warrant obtained under the requirements of probable cause. 7
As communication technologies advanced, the distinction between what was publicly available and what was private in those technologies became the crux of the debates about the privacy of those communica-
Ex Parte Jackson, 96 U.S. (6 Otto) 727,733 (1877).
The process by which national security investigators have obtained mail cover information has been governed by U.S. postal regulations for nearly 30 years. See 39 C.F.R. 233.3. The authority to use mail covers for law enforcement purposes first appeared in the 1879 postal regulations. Section 212 statutorily authorizes the continued use of mail covers in national security investigations. A “mail cover” is the process by which the U.S. Postal Service furnishes to the FBI the information appearing on the face of an envelope addressed to a particular address: i.e., addressee, postmark, name and address of sender (if it appears), and class of mail. The actual mail is delivered to the addressee, and only the letter carrier’s notation reaches the FBI. A mail cover does not include the contents of any “sealed mail,” as defined in existing U.S. postal regulations (see 39 C.F.R. 233.3(c)(3)) and incorporated in Section 212. Although the Supreme Court has not directly addressed the constitutionality of mail covers (the Court has denied certiorari in cases involving the issue), lower courts have uniformly upheld the use of mail covers as consistent with the requirements of the Fourth Amendment. See Vreeken v. Davis, 718 F.2d 343 (10th Cir. 1983); United States v. DePoli, 628 F.2d 779 (2d Cir. 1980); United States v. Huie, 593 F.2d 14 (5th Cir. 1979); and United States v. Choate, 576 F.2d 165 (9th Cir.), cert. denied, 439 U.S. 953 (1978).
Suggested Citation:"9 Privacy, Law Enforcement, and National Security." National Research Council. 2007. Engaging Privacy and Information Technology in a Digital Age. Washington, DC: The National Academies Press. doi: 10.17226/11896.
tions and what access law enforcement agencies had to the communication. Perhaps the best example concerns communication by telephone. When telephones were first introduced, the circuits were connected by an operator who often needed to listen in on the call to monitor quality, and most of the telephone lines were shared or “party” lines, allowing conversations to be heard by anyone with whom the line was shared (although good manners suggested not listening when the call was not for you).
With this history, it was generally held that discussions over a telephone were like discussions in public, so that law enforcement agents could listen in on such conversations, and could use in criminal prosecutions the contents of what they heard, with no oversight and without the consent of those whose words were monitored. Indeed, in Olmstead v. United States, 277 U.S. 438 (1928), the U.S. Supreme Court held that “the reasonable view is that one who installs in his house a telephone instrument with connecting wires intends to project his voice to those quite outside, and that the wires beyond his house, and messages while passing over them, are not within the protection of the Fourth Amendment. Here those who intercepted the projected voices were not in the house of either party to the conversation.” In so holding, it ruled that “the wire tapping here disclosed [in the case] did not amount to a search or seizure within the meaning of the Fourth Amendment,” and thus that telephone conversations were not protected or privileged in any way over ordinary speech outside the home. There was, in this view, no (rational) expectation of privacy for such conversations (although the term “expectation of privacy” had not yet come into use).
This view of telephone conversations lasted until 1967, 8 when the Supreme Court ruled that there was, in fact, a constitutional expectation of privacy in the use of the telephone. By this time, operators were hardly ever used for the connection of circuits and were not expected to monitor the quality of phone conversations, nor were most phone lines shared. However, the decision that there was an expectation of privacy in such conversations lagged significantly behind the technological developments that created such an expectation. At this point, the court decided that telephone calls were like physical mail, in which each call had a public “outside” and a private “contents.” The public envelope contained the information necessary to establish the circuit for the call (including the phone from which the call was being made and the phone to which the call was made) but did not include the contents of the call, which was considered private. Gaining legal access to that part of the call required a warrant issued by a judge after a showing of probable cause.
The last two decades have seen a novel set of communication technol-
Katz v. United States, 389 U.S. 347.
Suggested Citation:"9 Privacy, Law Enforcement, and National Security." National Research Council. 2007. Engaging Privacy and Information Technology in a Digital Age. Washington, DC: The National Academies Press. doi: 10.17226/11896.
ogies become generally available. The Internet, encompassing both electronic mail and the World Wide Web, has provided new mechanisms for communication. The Web allows one-to-many communication, enabling nearly everyone to be a publisher for very little cost. Electronic mail allows communication between parties in ways that are fast, efficient, and highly resilient to failure. The cell phone network has changed many of the old limitations on telephony, allowing conversations between people who are mobile. New emerging technologies such as voice-over-IP, in which telephone-like communication can be carried over the same Internet using protocols first designed for data transmission, merge the functionality of voice networks with the underlying technologies of data networks.
New communication technologies are of obvious interest to law enforcement agencies. Some law enforcement officials see the Web sites that a person visits, or the e-mail that a person sends or receives, as information that could be relevant to the prosecution of criminals. On that basis, they have argued that law enforcement agencies should have legal access to such information equivalent to that available for telephone conversations. Law enforcement officials currently have access to pen registers and trap-and-trace registers on telephone calls, which show what calls were made from a particular phone (pen registers) or to the phone (trap and trace). The installation or attachment of pen registers and trap-and-trace registers does require a court order, but obtaining such an order need not overcome a high standard of probable cause, requiring only a request by the law enforcement agency. Similarly, because agents can discover the source and destination of paper mail simply by observing an envelope, it has been argued by analogy that law enforcement agencies should have access to the destinations of Web browsing and e-mail messages. Those who are troubled by this analogy note (correctly) that on the Internet addressing information cannot easily be separated from the content of the message, a distinction that is central to the availability of routing information for telephone calls and paper mail (Box 9.1).
In a similar fashion, cell phone networks are quite different from those that connect landlines. Cell phone networks allow the users to move while a call is in progress. This new functionality requires that the “circuit” connecting the cell phone and the rest of the network go through a series of connections, depending on the cell that is handling the phone. As the phone moves from one cell to another, technical handoff protocols allow the voice traffic to be moved from cell to cell without the interruption of service. While the voice service being offered is similar to that provided by landlines, the technology underlying the network is very different.
The claim that law enforcement should have access to Internet and cell phone communication rests on analogies drawn between these sorts
Suggested Citation:"9 Privacy, Law Enforcement, and National Security." National Research Council. 2007. Engaging Privacy and Information Technology in a Digital Age. Washington, DC: The National Academies Press. doi: 10.17226/11896.
of communication and more traditional communication mechanisms such as landline phones and physical mail. However, the technology needed to provide the same capabilities is very different, as the characteristics of the networks underlying the communication mechanisms are very different. The separation of information that made it possible to provide the “public” information without compromising the “private” information is a property of the underlying network. While it is possible to separate seeing the addressing information on a piece of sealed physical mail from seeing its content (although the letter could always be surreptitiously opened), there is no easy equivalent physical separation for electronic mail.
Debates over law enforcement access to Internet and cell phone communications also reveal another point of contention that is rarely acknowledged explicitly: whether the protection of privacy should be a property or a characteristic or a feature afforded by technology or by policy. Those taking the position that the protection of privacy should be technologically based argue that technologically based assurances of privacy cannot be easily circumvented by capricious changes in policy or by law enforcement personnel acting outside their authority. A more moderate version of this position is to build technology that enforces policy rigidly, so that, for example, a wiretap that requires legal authorization from a judge cannot physically be performed without a one-time-use key (physical or logical) that is available only from a judge. Thus, grounding privacy protection in technology eliminates or reduces the need to trust law enforcement authorities to respect privacy rights of law-abiding citizens, and advocates of this position often justify their position by references to past government violations of privacy.
By contrast, those who argue that policy considerations should be the source of privacy protections note that without special attention, changing technologies can also change the pre-existing balance between privacy protection and law enforcement access—a balance that has been obtained through the policy-making process, and thus should be changed only by that process (rather than by technological advancement). Further, they argue, procedural protections—such as excluding evidence obtained through improperly obtained techniques and strict enforcement of internal regulations against improper behavior—suffice to deter abuse of authority. Thus, proponents of this position argue that technological developments in communications should be guided or regulated in such a way that they do not compromise the communications access capabilities that prior policy decisions have endorsed and sanctioned. Policy decisions and law, rather than ever-changing technology, should determine functionality and use.
These differences in perspective have played out many times in recent years, notably in debates over the Communications Access for Law
Suggested Citation:"9 Privacy, Law Enforcement, and National Security." National Research Council. 2007. Engaging Privacy and Information Technology in a Digital Age. Washington, DC: The National Academies Press. doi: 10.17226/11896.
BOX 9.1
Telephone Networks, Data Networks, and the Law
Much of the law having to do with access by law enforcement and national security agencies to data networks has been drawn from similar laws dealing with telephone networks. Indeed, notions of tapping a communication line and establishing pen registers, and decisions about when a warrant is needed for data communications, often make explicit reference to the decisions and laws governing the phone network. Intuitively, such an extension from the phone system to data networks like the Internet makes sense. Both are communication networks, and much of the traffic that is now carried over the Internet (such as e-mail and newsgroups) was originally carried over the phone lines. However, these analogies lead to confusing and contradictory results, since the technology underlying data networks such as the Internet and the technology that underlies phone networks are intrinsically different in ways that are relevant to the decisions that have been made.
Traditional phone networks are circuit based. When a phone call is initiated, information is supplied to the network that allows a bidirectional connection to be made between the caller and the phone being called. In early incarnations of the phone network, this was done by calling an operator, who would literally connect a cable that would complete the connection between the two phones. Automated switching and dialing have eliminated the operator, but the idea is the same; when you dial a call, the switching hardware is used to create a connection between the two phones that is unshared, is bidirectional, and carries the signal that is the conversation between one phone and the other.
Unlike the traditional phone network, the protocols that are the basis of the Internet are packet based. Rather than establishing a circuit between the sender of information and the receiver and then sending the information over that circuit, any message is broken into chunks, with each chunk being wrapped with information about its destination and each being sent over the network. These packets are sent from one machine to another, with each machine looking at the information having to do with where the packet is to be sent and forwarding that packet. Different packets may take very different routes to the same destination. At the final destination, the packets are reassembled into a single message, which is then delivered to the intended recipient.
One of the major differences between a packet-based network and a circuit-based network is that a packet-based network mixes the routing information with the information being sent over the network. In a circuit-based network, the routing information is used only to establish a circuit; once the circuit is established this information is not needed. Further, during the establishment of the circuit, no content is sent or revealed. Packet-based networks make no such separation between the routing information and the content—indeed, these two kinds of information are present in all of the packets.
Enforcement Act (CALEA) and over encryption. CALEA required that telecommunications providers build into their networks and switching systems the capability to provide the contents of voice communications to law enforcement authorities (subject to all of the existing restrictions on such wiretaps imposed by law) regardless of the technology used. Thus,
Suggested Citation:"9 Privacy, Law Enforcement, and National Security." National Research Council. 2007. Engaging Privacy and Information Technology in a Digital Age. Washington, DC: The National Academies Press. doi: 10.17226/11896.