What this editorial gets right is that the oversight regime for domestic surveillance is inadequate. What it misses, however, is that big piles of data are inevitable with the current trajectory of technology. It will not be possible to have the piles of data not collected. As others have written, the government surveillance agencies essentially saw what private industry was doing and said "I want a copy of that."
I think we need to rethink some things:
1. In the short term, one of the biggest changes that has to be addressed is the current court doctrine that privacy has not been violated if no people are actually looking at the data. Given that much of the surveillance is directed by automation, we need to recast that doctrine to include some of the automated analysis of the data. It's a thorny question, and one that will take some time and effort to get right, but there's no time like now to start.
2. We need more forceful and more transparent oversight of surveillance. There is a risk that the surveilled might change their tactics based on lessons from oversight reporting, but it seems clear at this point that the trade off is necessary. To quote the editorial: "The usefulness of the bulk collection program has been greatly exaggerated. We have yet to see any proof that it provides real, unique value in protecting national security." Trade-offs are only worth making if you get something. Time to revisit the trade-off.
3. We need to address both the big piles of data in the government's hands and those in private hands. This is going to require rethinking ownership of the data, and probably moving the US more towards an EU-style privacy directive. Again, a longer process, but one that needs to start now.
4. As a country, we need to start toward a more rational view of terrorism risk. Plenty has been written about how disproportional our response has been. Time to rebalance the scales.
In the end, we're going to continue to have big piles of surveillance data as long as we continue our technology trajectory. We need to start figuring out how to work with it, rather than try to stop it.
I think we need to rethink some things:
1. In the short term, one of the biggest changes that has to be addressed is the current court doctrine that privacy has not been violated if no people are actually looking at the data. Given that much of the surveillance is directed by automation, we need to recast that doctrine to include some of the automated analysis of the data. It's a thorny question, and one that will take some time and effort to get right, but there's no time like now to start.
2. We need more forceful and more transparent oversight of surveillance. There is a risk that the surveilled might change their tactics based on lessons from oversight reporting, but it seems clear at this point that the trade off is necessary. To quote the editorial: "The usefulness of the bulk collection program has been greatly exaggerated. We have yet to see any proof that it provides real, unique value in protecting national security." Trade-offs are only worth making if you get something. Time to revisit the trade-off.
3. We need to address both the big piles of data in the government's hands and those in private hands. This is going to require rethinking ownership of the data, and probably moving the US more towards an EU-style privacy directive. Again, a longer process, but one that needs to start now.
4. As a country, we need to start toward a more rational view of terrorism risk. Plenty has been written about how disproportional our response has been. Time to rebalance the scales.
In the end, we're going to continue to have big piles of surveillance data as long as we continue our technology trajectory. We need to start figuring out how to work with it, rather than try to stop it.