Select Page

The Occidental Weekly ran an op-ed piece this week talking about surveillance at Occidental College. I recommend checking it out. In it, Mr. Stevenson writes:

Some degree of surveillance on Occidental’s campus and of Americans’ activity generally plays a valuable role in keeping us safe. Yet too much of it is both divisive in nature and a glaring invasion of privacy—something we have precious little of these days as it is.

To make an informed decision about whether a surveillance program is worth the cost in personal prvicay, a number of factors should be considered. Among them: why is the surveillance needed? Can we objectively measure the effectiveness of the surveillance? Are there rules and regulations that limit the scope of surveillance?

Let’s look at the NSA programs that Mr. Stevenson mentions. The technology itself may sound scary but the truth, as revealed by Edward Snowden, is that the NSA’s technology isn’t inherently better than technology that is already available to information security practitioners and hackers already. The real problems are:

  • There is no clear justification for why these programs should exist. Sen. Feinstein (D-California) may disagree, but while preventing “the next 9/11” sounds to be a good justification on paper, the intelligence problem that led to 9/11 was a lack of agency cooperation, not a lack of surveillance capability.
  • The benefits of the NSA’s surveillance cannot be objectively measured. General Alexander has testified that the surveillance programs have stopped over 50 terror attacks since its inception but Sens. Udall (D-Colorado) and Wyden (D-Oregon) have expressed serious doubts about the veracity of these claims. National security concerns prevent either side from disclosing the raw data for independent verification.
  • Policy violations on the part of NSA analysts are reportedly common enough that it was given its own nickname, NSA attorneys actively misled the Foreign Intelligence Surveillance Court, and while speaking before Congress about NSA surveillance, Rep. Issa (R-California), among others, has alleged that National Security Director James Clapper knowingly gave false testimony. In short, the controls for the NSA’s surveillance program are weak and ineffective.

Other, smaller-scale surveillance programs have been dismantled because nobody could answer the basic question: what problem are we supposed to be solving here?

Concerns about surveillance anywhere are not just warranted, but scrutinizing the need for surveillance and challenging its effectiveness should be considered a civic responsibility. The “nothing to hide” argument is not good enough. Not only does it miss the point, the argument is arguably based on a flawed premise. But it is important to note that not all surveillance programs are based on the “nothing to hide” argument.

As a counterpoint, consider the surveillance programs run by the CDC and WHO. These require doctors to report incidents of infectious diseases – an exception to the rules of doctor-patient confidentiality that one would normally expect. Yet these surveillance efforts, though not entirely without controversy, are generally not seen as threatening to privacy because they have a clear goal, benefit from a robust community of researchers who measure the effectiveness of their efforts, and are otherwise well regulated.

Similarly, in the private sector, bulk scanning of Internet traffic is done by services like ATLAS and FortiGuard to monitor for cybersecurity threats. Bulk scanning also forms the backbone of financial fraud detection programs, email spam filtering, and network intrusion detection. The bulk, automated nature of this surveillance rightly makes them the target for greater scrutiny but on balance, these services tend to offer benefits that justify or outweigh the corresponding cost in personal privacy.