The Unwanted Gaze
Dear Eugene and Declan,
PRINT
DISCUSS
E-MAIL
RSS
RECOMMEND...
Facebook
MySpace
Mixx
Digg
Reddit
del.icio.us
Furl
Ma.gnolia
Sphere
StumbleUponIf we're all putting on hats to distinguish our positions on privacy and cybercrime, why don't I put on my classically liberal hat, a John Stuart Mill topper, which hangs squarely on the middle peg between Eugene's archconservative Bismark helmet and Declan's cyberphunk fedora (do cyberphunks wear fedoras?).
The Unwanted Gaze tries to grapple with the tensions between the legitimate needs of law enforcement and the demands of individual privacy. In particular, in one of the central narrative threads, I trace the slow, sad erosion of Fourth- and Fifth-Amendment protections for private papers. In the 18th century, when the Bill of Rights was drafted, the search of a private diary was regarded as the quintessential example of an unreasonable search. In the landmark Boyd case in 1890, the Supreme Court struck down a subpoena for business papers on the grounds that it violated the Fourth-Amendment right against unreasonable searches and the Fifth-Amendment right against compelled self-incrimination. I try to explain how we could have evolved from a world in which John Wilkes, the British publisher of an 18th-century Drudge Report, won thousands of pounds in damages after King George III's minions broke into his house and read his private diaries, to a world where Kenneth Starr was able to subpoena and retrieve the unsent love letters from Monica Lewinsky's home computer.
Part of the answer, I argue, has to do with rise of the regulatory state and the legitimate effort to fight white-collar crime. In the years leading up to the Progressive era, it became clear that if people could refuse to turn over their corporate records in response to grand jury subpoenas, then it would be impossible to enforce antitrust laws or tax laws. Well before the New Deal, the court decided that the only way to investigate corporate crime would be to give prosecutors broad power to subpoena witnesses and to produce documents. But in a series of unfortunate decisions in the 1970s, the court came close to holding that the Fourth Amendment imposes no meaningful limits on subpoenas and the Fifth Amendment provides no protection for the content of private papers. Thus, when Bob Packwood tried to conceal his diaries from Senate investigators in 1994, Judge Thomas Penfield Jackson breezily rejected his claim.
How could courts balance the legitimate needs of law enforcement with the imperatives of individual privacy? In the book, I offer several tentative suggestions that would resurrect basic constitutional protections for private papers without bringing the regulatory state to a grinding halt. First, I resist Eugene's notion that, in an age when people disagree about which crimes are serious, judges are in no position to balance the intrusiveness of a search against the seriousness of a crime. There is, I argue, a world of difference between committing mass murder and lying about a consensual affair, and any sane legal system that prohibits "unreasonable" searches and seizures should at least try to distinguish between the two crimes in deciding whether or not to allow a witness's most intimate thoughts to be exposed to public view. This is why a warrant for the Unabomber's diaries might be perfectly reasonable and a warrant for Monica Lewinsky's diaries perfectly unreasonable. It's a foolish system of criminal justice that can't tell the difference between murder and adultery. And this is why, to pick up on Declan's arguments about the conflicts between technologies of anonymity and the needs of law enforcement, there is no reason that suspects shouldn't be required to turn over plain text versions of encrypted messages in the investigation of serious but not less-serious crimes, in cases where the government knows about the existence of the papers in advance rather than engaging in fishing expeditions.
When it comes to physical strip searches, courts today have no difficulty recognizing that invasions of privacy that might be reasonable in the investigation of serious crimes can be unreasonable in the investigation of less serious crimes. But when confronted with mental strip searches, judges have relinquished the tools to distinguish between violent crimes and thought crimes. The law no longer encourages them, as it should, to balance the intrusiveness of the search against the seriousness of the offense. To restore this balancing test, I suggest, Congress might consider listing the crimes that are serious enough to justify the search of private papers. It could also empanel grand juries or special masters to evaluate the reasonableness of subpoenas and warrants, balancing the intrusiveness of the search against the seriousness of the crime.
In particular, I focus on the special threats to privacy in a computer age, when a subpoena for a suspect's hard drive looks very much like the general warrants that the framers of the Bill of Rights meant to forbid. To protect the privacy that the framers had in mind when they prohibited general warrants, I suggest that courts could require some kind of filtering mechanism to prevent prosecutors from rifling through a great deal of innocent documents in search of potentially incriminating ones, even with a warrant or a subpoena. Rather than allowing Starr to scrutinize Lewinsky's computers, for example, Judge Norma Holloway Johnson could have insisted on reviewing the files herself and disclosed to the prosecutors only material that was clearly relevant to their investigation and didn't unreasonably threaten Lewinsky's privacy. Or, if Johnson didn't feel that she had the time to undertake such an extensive review, she could have appointed a special privacy master to play the role that Bob Packwood had begged Congress to assign to Kenneth Starr during the investigation of Packwood's diaries, sifting through the hard drive and separating relevant from irrelevant material.
If technology poses new threats to privacy, it also offers new ways of ways of reconstructing some of the privacy we have lost. Courts might require prosecutors to submit for judicial approval a list of particular words or phrases that they hoped to find on Monica Lewinsky's hard drive--"North Gate"; "Betty Currie"; or perhaps "thong"--rather than permitting them to trawl through her entire computer. In civil cases involving the seizure of computer hard drives, in which innocent and potentially incriminating documents are hopelessly intermingled, some courts have suggested that a neutral magistrate should carefully monitor the scope of computer searches. This model might be extended to the investigation of cybercrime more broadly.
Eugene, I'm skeptical, as you suggest, about the feasibility of resurrecting the "mere evidence" rule that in the 18th century protected privacy by ensuring that warrants could only be issued for the fruits and instrumentalities of a crime, rather than for mere evidence of a crime. But in the investigation of white-collar computer crimes, where innocent and incriminating papers and e-mails may be jumbled together, I suggest that judges could try to resurrect a version of the "mere evidence" rule for cyberspace: When companies monitor e-mail, for example, to investigate violations of workplace rules or federal or state law, perhaps they could allow only the illegal activity revealed by the search, but not the e-mail messages themselves, to be introduced in court. Or perhaps privacy masters could review e-mail to separate public, work-related correspondence, which could be admitted in court, from private correspondence between workers, which could be excluded.
In the book, these proposals are tentative and offered in an experimental spirit. But all of them are illustrations of the broader theme that we have been discussing for the past few days. To protect privacy in cyberspace, we need filtering mechanisms--judges, editors, special masters, magistrates--who can review raw data and make informed judgments about what sort of information is appropriate to expose to a broader audience. Although "no one lives in cyberspace," as Michael Froomkin and Eugene remind us, all of us are increasingly leaving electronic footprints and fingerprints in cyberspace--footprints that reveal the most intimate details of our thoughts as well as our behavior. In such a world, we are terribly vulnerable to being misjudged and taken out of context. The answer to the threat of being judged out of context isn't necessarily new laws or even new technologies of concealment, but instead human filters and mediators who can exercise judgment, balancing in individual cases the competing principles we have been discussing--privacy on the one hand and security, self-expression, and the public's right to know on the other.
It's ironic, isn't it, that in the brave new world of cyberspace, human judgment turns out to be more rather than less necessary for rebuilding the enclaves of privacy that people long took for granted in real space. But in an age when there is no longer broad social consensus about how much privacy it's reasonable to expect, judgment is precisely the quality that judges, special prosecutors, editors, and employers are no longer confident about exercising. We have the ability to rebuild the private spaces we have lost, but it's not yet clear that we have the will.
Thank you both so much for challenging me and for taking the time to participate in this rich dialogue.
With appreciation,
Jeff
This week, two writers grill Jeffrey Rosen on whether the Internet is really eroding our privacy. Rosen is the legal affairs editor of the New Republic, an associate professor at the George Washington University Law School, and the author of the The Unwanted Gaze: The Destruction of Privacy in America (click here to buy it). Declan McCullagh is the Washington bureau chief for Wired News and runs the Politech mailing list. Eugene Volokh specializes in free-speech law, cyberspace law, copyright law, and firearms regulation policy at UCLA School of Law, and is the author of "Freedom of Speech and Information Privacy: The Troubling Implications of a Right to Stop People from Speaking About You," forthcoming in the Stanford Law Review. 
When Congress Sends a Bill to the President, Do They Use E-Mail?
Gov. Haley Barbour's Strange Habit of Pardoning Murderers Who Work on His House
Slowpoke Directors Explained: Why It Took 12 Years to Make Avatar
The Surprising Reason Banks Are Suddenly Repaying Their TARP Funds
How Come You Don't Hear About the "War on Christmas" Anymore?
Jeff Bridges Gives the Performance of the Year in Crazy Heart
Reader Response from The Fray--to be read after the final entry:
It is ridiculous to say that technology needs to be limited or controlled in order to make searches possible. Yes, law enforcement has the right to search property under certain conditions, but that doesn't mean that the potentially-searched have to make it easy or even possible. If the police want to search my computer but can't break the encryption code, that's their problem. Sure that tilts the balance away from law enforcement, but that's kind of the point. We should always make the job of the police as difficult as possible.
Look at it another way -- if I open a bank account in the Cayman Islands, the authorities won't be able to get basic information about the account that they would have access to if my account were at an American Bank. They might have good reason for asking their questions, but that doesn't matter. I still have the right to do business with a bank in the Caymans if I choose to, whether or not I have anything to hide. In the end, the government shouldn't tell me, "You can't use that piece of technology because if we need to, we won't be able to see what you're doing." They should just be required to find another way around the problem (and I'm sure they will.)
--Michael Maiello
(To reply, click here.)
To Michael Maiello: Most of us have no interest in making the job of the police as difficult as possible. Your argument overlooks the cold reality that there are some awfully evil people in this world. It would be advisable for you to immediately cease pretending that everybody is as decent as ourselves.
--David Thomson
(To reply, click here.)
[Maiello and Thomson continued their discussion on evil and privacy--follow the thread here.]
There is a basic defect in this discussion. It doesn't deal with the question of a person's control over how much information, and what kind, he/she chooses to give away. There seems to be an assumption that no control is possible. Supposedly most people think Internet marketers are the equivalent of Stasi but this is preposterous. I have complete control over what I send over the Net. The most the marketers can do is transmit unwanted solicitations. I get them all the time and almost all of them are inane. To the marketers, a person is not so much a person as a bundle of attributes. All of their intrusions are based on probabalistic inferences from these attributes, but such inferences cannot be decisive. It is only when the state or the legal system becomes involved that the individual is in danger.
Rosen spends much time on the Clinton-Lewinsky affair but does not mention that the violation of privacy comes not from Starr, but from sexual harassment law, which authorized his inquiry. I understand that he wants to reconstruct the law in this area so that privacy comes first. Presumably, then, Clarence Thomas would not be damned for allegedly renting porn videotapes. It seems to me obvious that the real difficulty in Rosen's discussion is the hazardousness of trying to read someone's personal character from bits of information that are by nature not really informative. But the villains here are not Internet marketers but liberal activists.
--Edward Brynes
(To reply, click here.)
1.Tools are not as readily available and as easily usable as they need to be to really protect privacy. Telephones aren't yet designed with built in scramblers; e-mail is still mainly a plain text affair. The government still supports encryption, but only with Keys it can hold; and businesses don't want their employees words scrambled or made anonymous. Until there's some universally accepted encryption standard that can be built into all communication products, there's not going to be the kind of defacto communication privacy people would like. What do we do while we wait for the technology to catch up to the kind of privacy we deserve?
2. Communication privacy is a different matter from data privacy--the tidbits learned about what one buys, looks at, reads, online and elsewhere (credit cards leave trails too). But don't forget too such things as medical records, insurance claims, and other sensitive data. Is there a law that says you can't look into someone's medical background as part of an employment review? How will medical privacy be protected except by law?
3. Why don't we own the copyright and intellectual property rights to our own data? I think a European-style law along the lines Jeff Rosen recommends for protecting one's personal data, or least controlling how it's reused is a good idea.
--Nick Carbone
(To reply, click here.)
(6/9)