In this excerpt from our new Digital Privacy initiative, David S. Kris from Intellectual Ventures challenges the view that balancing privacy and security in the digital age is a zero-sum game.
You can read an overview of Kris’ white paper below and the full text of Kris’ white paper at our special section, A Twenty-First Century Framework for Digital Privacy, at https://constitutioncenter.org/digital-privacy
This paper addresses the effects of digital network technology on statutory and constitutional law. It considers these effects from the perspectives of privacy and security, develops and synthesizes fragmented aspects of the latter perspective, and identifies elements common to both. It argues that advancing technology increases what I refer to as “digital divergence,” making it easier for informed and motivated individuals, groups, and governments to defeat surveillance, commit misconduct, and avoid attribution, but harder for everyone else to protect against such misconduct and to control their own personal data. Digital network technology has brought enormous benefits, but digital divergence threatens both privacy and security.
Part I of the paper describes how digital network technology threatens privacy. It summarizes the familiar narrative of how more and more activities generate digital data records, often held by third parties, that are conveniently available for surveillance and analysis by government. The essential elements of this narrative, and its essential prescription for legal change to restore protections for privacy, find their clearest expression in the Supreme Court’s decision in Riley v. California, which required a warrant to search a smart phone incident to an arrest, and the concurrences of five Justices in United States v. Jones, which would require a warrant for any long-term monitoring by technical means of a person’s precise location.
Part II describes how digital network technology threatens security. It identifies several factors in the technology that hinder surveillance, and several more that facilitate misconduct. Two of these factors—encryption and cyber threats—have been well publicized, due in part to the FBI’s “Going Dark” campaign, but others remain more esoteric and disintegrated. This stems partly from the complex and sometimes classified nature of the security challenges and partly from the diffidence of the U.S. government after Edward Snowden’s leaks. Part II attempts to refine and develop the security narrative.
Part III introduces the idea of “digital divergence,” a way of understanding and describing how digital network technology simultaneously threatens privacy and security. I use the term “divergence” because digital network technology gives rise to trends that are related to one another and share a common origin, but exert opposite effects. The paper describes four areas of divergence, explaining how digital network technology: (1) creates more data of which less is relevant; (2) consolidates and fragments data; (3) has led to greater and lesser cooperation between government and the private sector; and (4) has increased freedom of choice, and hence divergence among individuals, in the use of technology to protect privacy and security. It explains how these trends are eroding both privacy and security.
The impact of digital divergence on statutory and constitutional law, discussed in Part IV, is hard to predict, in part because divergence creates opposing pressures. Legal change favoring privacy could include enhanced warrant requirements for searches of all digital data (including data concerning location and Internet activity) in all settings (including at the border and in the cloud); limits on government’s authority to engage in (or compel assistance with) decryption, analysis of previously-collected data, and aerial surveillance; and the elimination of third-party doctrine (under which data conveyed to a third party are no longer private) and of minimization doctrine (under which stricter rules governing the use of acquired data permit broader acquisition of data). Legal change favoring security could include development of substitutes for fragile location-based paradigms regulating surveillance; statutory amendments and new agreements to restore and enhance international access to digital data; increasing expectations or requirements for cooperation between government and the private sector, including with respect to encryption; increased governmental access to metadata and publicly-available data; and perhaps even greater regulation of digital networks.
This paper does not advance specific policy prescriptions, either in favor of privacy or security, but rather describes ways of thinking about digital network technology from the perspective of privacy and security, and considers the possible legal and related effects that could result from those ways of thinking. As such, it provides a necessary basis for an informed approach to what some academics refer to as “equilibrium-adjustment” in the digital realm. It similarly supports an informed approach to what the Supreme Court refers to as the need to balance privacy interests against governmental interests to determine what is “reasonable” under the Fourth Amendment.
We are today in the midst of a major equilibrium adjustment, a major rebalancing of privacy and security, due to advances in digital network technology. We seem to understand how the technology threatens privacy, but I think we have not yet understood as well how it threatens security. We need that understanding to find a real equilibrium, to make informed judgments about how best to strike the balance between privacy and security. We need it also to identify technological and legal approaches that may enhance both security and privacy, reversing the trend of the past several years. For that to occur, security advocates need to understand how digital network technology threatens privacy, and privacy advocates need to understand how it threatens security. This paper is an effort to increase that understanding.
Read more at: https://constitutioncenter.org/digital-privacy/digital-divergence
