Solution to NSA overreach 鈥 put people in charge of their own data
Massive US surveillance of phone records and Internet data disclosed by former NSA contractor Edward Snowden should prompt a public debate on the balance between privacy and the use of personal data. A 'new deal on data' should put people in charge of their own communication.
Massive US surveillance of phone records and Internet data disclosed by former NSA contractor Edward Snowden should prompt a public debate on the balance between privacy and the use of personal data. A 'new deal on data' should put people in charge of their own communication.
Edward Snowden, who leaked information about far-reaching US government surveillance programs to the media, calls these programs the 鈥渁rchitecture of oppression.鈥 He says it is the public, not the government, who should decide their use.
At the very least, the secret and massive government surveillance of phone records and Internet data disclosed by Mr. Snowden should prompt a public debate on the balance between privacy and the collection and use of personal data 鈥 and, we believe, a change in who controls the use of that data.
One reason this debate must happen is that data gathering has evolved to include 鈥渕etadata.鈥 This involves the sweeping collection of call records, for instance, or email logs that record the traffic between email accounts and phone numbers 鈥 but not the content of what was talked about.
The multiple layers of the kinds of information that are gathered today, and the many uses of that information, are far more revealing than people generally realize. This argues for an entirely new approach to managing information 鈥撀爋ne that鈥檚 bottom up, instead of top down.
In recent years, however, the public has mostly yawned over the need for a privacy-data discussion. The zeitgeist has evolved to a point where most people know that their daily activities leave countless digital traces. Data collection is like the rain, it will be there, whether we like it or not. This seems especially true when it comes to fighting terrorism.
According to a June 6-9 survey by the Pew Research Center and The Washington Post, a majority of Americans (56 percent) don鈥檛 object to the National Security Agency鈥檚 (NSA) broad tracking of phone records to find terrorists, which was exposed earlier this month.
The institutions in America that control information collection also haven鈥檛 put the topic of change seriously on the table. Businesses don鈥檛 want to give up their marketing advantage. The NSA, which obtained secret court permission for its dragnet of phone records and surveillance of foreigners using data from US Internet companies, doesn鈥檛 want to give up its intelligence advantage in fighting terrorism. And Congress seems overwhelmed by the unwieldy nature of electronic communication today.
Many players in government characterize the NSA鈥檚 use of metadata as more or less benign. The agency gathers the phone records, detects worrisome patterns that might threaten America鈥檚 security, and only then asks for a search warrant to dig into the communications content of certain individuals.
But metadata is more powerful than most people realize. For instance, something as simple as recording Facebook 鈥渓ikes鈥 and website clicks can reveal a person鈥檚 religious and political views, economic standing, sexual preference, personality, mental health, ethnicity, use of addictive substances, and more. The ability to characterize groups by these traits might tempt some in the government to cross the line from finding terrorists to targeting groups because of their political leanings.
Because of the scale and connectedness of data collection and the inability of today鈥檚 institutions to squarely face the privacy issues involved, we strongly back a new approach to data privacy that we鈥檙e working on here at MIT鈥檚 Media Lab. It puts individuals in control of their personal data, allowing them to determine who can possess their data, how it can be shared, redistributed, and disposed of.
聽Each citizen would have a personal data store, like an email inbox, that would let them see where data about them goes and how it is being used. The NSA could still get a court order allowing it to use a person鈥檚 metadata to track terrorists, but at least an individual could see that something is happening 鈥 rather like seeing a police cruiser patrolling the neighborhood. The big difference from now is that individuals could see which companies or government agencies were using data about them, and control these groups鈥 access to that data.
Given the new data landscape, simply attempting to redraft policies on how the government collects data will not achieve the needed balance between the privacy and utility of data. A 鈥渘ew deal on data鈥 is needed that puts individuals in charge of their own communication. That starts with a national debate.
Cesar Hidalgo and Alex Pentland teach at the Massachusetts Institute of Technology Media Lab, where Yves-Alexandre de Montjoye is a graduate student. All three specialize in 鈥渕etadata.鈥