Wednesday, January 11, 2006

Privacy: Variations on the Theme of Liberty

This post is an abridgement of the much longer version at Liberty Corner II. The complete version provides much supporting detail that I have omitted here.

I begin by addressing privacy as a right. I then turn to private-sector issues, namely, identity theft and the use of personal information by businesses. In the next substantive portion of this post I address privacy vis-a-vis government, disposing quickly of the national ID card to focus on warrantless "eavesdropping" and data-mining. I then offer a brief summary and conclusion.


Privacy in the Law

Privacy is one among many values that liberty should serve. An individual's desire for privacy is as legitimate as a desire for, say, a Lamborghini, a full head of hair, and perpetual youth. Seriously, privacy is a legitimate pursuit, yet (like a Lamborghini) it cannot an absolute right. For -- as I have argued elsewhere -- if privacy were an absolute right, it would be possible to get away with murder in one's home simply by committing murder there. In fact, if there are any absolute rights, privacy certainly isn't one of them. Privacy really is a bargain that individuals strike with the rest of the world. We cannot act in the world without ceding some privacy, so the question is how to decide when the bargain we are being asked to strike is a good one or a bad one, given the benefits and risks of ceding some privacy.

You may now ask: "What about the Constitution, the Bill of Rights, and all of that?" Read the Constitution and Bill of Rights and you will find that there is nothing about privacy in them. The Fourth and Fifth Amendments come closest to being "privacy" amendments, but they're really about due process of law. The vaunted Ninth Amendment doesn't protect an unemurated privacy right.

There is neverthess a notion that the Fourteenth Amendment guarantees privacy as a matter of substantive due process. As I have explained, however, substantive due process protects constitutionally guaranteed rights (e.g., liberty of contract). It does not protect imaginary rights, such as the non-existent general right to privacy.

The notion of a general right to privacy is a fairly recent invention of the Supreme Court. It was conjured to serve the Court's legislative agenda in Griswold v. Connecticut (overturning a Connecticut law that banned the sale of contraceptives) and Roe v. Wade (overturning a Texas anti-abortion law).

There are, of course, federal and State laws that define specific areas of privacy. All such federal and State laws are carve-outs -- delineations of specific areas of privacy. They are not general guarantees of privacy. Do we need even more carve-outs to deal with the "privacy crisis"? Let us begin by defining the real privacy problem.

Privacy in the Real World

You may, in spite of what I have just said, think that you have a "right" to privacy. But try that line with prospective creditors, who have a "right" to know enough about you to decide whether to extend credit to you; try that line with banks, which have a "right" to know enough about you so that they can safeguard your savings from impostors; and try that line with the police, who have a "right" (constitutionally) to obtain a warrant to search your home if you are suspected of a crime.

If you want absolute privacy you should not have a job (working for someone else), a credit card, a checking account, a brokerage account, a 401(k), a house, land, a car, a legalized marriage, children who were born in a hospital or educated formally, a formal education of your own, a telephone, an Internet connection, or almost any of the other trappings of what we call civilization. The real issue is the extent to which you are willing to forgo some aspects of privacy in order to work for someone else (other than the Mob), possess a credit card, etc.


Dealing With "Identity Theft"

Let's be clear about what is being stolen in "identity theft." An identity thief's real crime isn't stealing a person's identity, it's using information about that person to steal from that person and/or to steal from others. With that understood, the solution to "identity theft" is straightforward: Fraud is fraud and theft is theft, and they ought to be prosecuted as such.

Moreover, businesses that abet "identity theft" through lax verification and security procedures should be held accountable for their misfeasance.

On to the tougher issue of how to cope with banks, lenders, vendors, and the like.

A Market Solution for Other Private-Sector Issues

So, beyond the obvious penalties for "identity theft" and for misfeasance on the part of businesses that hold personal information, the answer to the private-sector privacy quandary lies . . . in the private sector. The answer, specifically, is the use of what I will call "privacy brokers." These would be companies that are qualified to explain to an individual his privacy options, and authorized to exercise the individual's preferences on his behalf. Such firms would be fully knowledgeable of applicable laws and the ins-and-outs of the privacy policies of companies with which an individual might do business. (Bear with me as I explain why I'm not inventing a new and costly middleman.)

How would privacy brokers be paid? If they were paid by businesses, consumers rightly wouldn't trust them. But how likely is it that consumers will shell out what looks like additional money for a service that, to most consumers, might seem unnecessary? After, in spite of all the personal information that's afloat in the databases of businesses, credit-card issuers, and credit-rating agencies, relatively few consumers have been defrauded or otherwise compromised.

The answer, of course, is that consumers already are paying for the services of credit-rating agencies through the prices charged by businesses and the interest charged by credit-card issuers. It would be relatively easy for credit-rating agencies to transform themselves into privacy brokers. Privacy brokers would collect all of the information now required by creditors, but they would collect it as consumers' agents, after duly informing consumers of their options and the risks and benefits of those options. Each consumer would agree to compensate his privacy broker by assigning a share of his credit purchases to the broker. Conveniently enough, the consumer's creditors would no longer be paying the former credit-rating agency (now a privacy broker) a share of the consumer's credit purchases for the same information. Thus the consumer would not see any increase in prices or interest charges.

Privacy brokers would compete on the basis of price, service, and reputation. If a privacy broker were to allow its data to be compromised, it would quickly lose customers to existing competitors and new entrants to the privacy-brokerage business. Moreover, privacy brokers -- each with tens of millions of clients -- would have considerable leverage over businesses' privacy policies. As a selling point, privacy brokers could use that leverage on the behalf of their clients. Privacy brokers could, for example, negotiate reductions in the amount of personal information that is kept on consumers, ensure that consumers never have to opt-out when it comes to third-party use of personal information, and (most importantly) extract enforceable guarantees about the security of personal information. Those kinds of pro-consumer activities would be fostered by competition among privacy brokers.


Is a National ID Card a Good Idea?

A well-designed ID card might prevent some kinds of "identity theft" if the identifying information embedded in the card could be read only by secure machines and would not be accessible to opportunistic thieves (e.g., unskilled restaurant and department-store employees).

But well-heeled terrorist organizations would find ways to create seemingly legitimate ID cards for their members. And there's the rub. Possession of a single piece of ID, one that is presumed to be authoritative, would make it easier for terrorists to gain access to vulnerable sites (e.g., passenger aircraft) and to elude investigation by deflecting suspicion.

Uncle Sam already knows (or can know) everything about me. A national ID card wouldn't make a difference in that respect. But it would make it easier for terrorists to terrorize. The card is therefore a bad idea.

Privacy or Liberty?

It is sometimes necessary for government to intrude on privacy for the sake of liberty. If, for example, the punishment of crime fosters the security of life, limb, and property by deterring yet more crime, then liberty is served by certain types of governmental intrusion on privacy (e.g., searches of private property, questioning of suspects and witnesses, and compulsion of testimony in criminal cases).

Similarly, the defense of the United States (which includes the defense of Americans and American interests abroad), may justify governmental intrusions on privacy. But there must be restraints on governmental intrusion to ensure that no instance of intrusion is broader than required for the accomplishment of a legitimate governmental function. From a libertarian perspective, that rules out any governmental intrusion of privacy which isn't aimed at promoting justice or defending citizens and their property.

Thus, for example, government is improperly intrusive when it issues a census questionnaire that asks for more information than is necesary to enumerate the population. By contrast, government is properly vigilant when it engages in clandestine surveillance that is warranted by a known threat to the life and limb of Americans (e.g., the continuing threat from al Qaeda).

Those who reflexively oppose certain provisions of the Patriot Act (e.g., the issuance of national security letters for library reading lists) and those who bemoan NSA intercepts of international communications want privacy to take precedence over other manifestations of liberty. As I wrote here, "There can be no absolute liberties where life is at stake. Without life, liberty is meaningless."

It is clear that it is fully within the president's constitutional authority to order electronic surveillance of communications between persons in the U.S. and persons overseas. It is especially clear that such surveillance is legitimate because of its war-related purpose.

The Framers intended the executive to be a passive enforcer of laws passed by Congress that bear on domestic affairs (and those laws were to be strictly limited in scope by Article I, Section 8, of the Constitution). At the same time, the Framers intended the executive to defend Americans actively against enemies foreign and domestic. No one has put it more clearly than Justice Felix Frankfurter:
. . . [W]e have had recent occasion to quote approvingly the statement of former Chief Justice Hughes that the war power of the Government is 'the power to wage war successfully.' . . . Therefore, the validity of action under the war power must be judged wholly in the context of war. That action is not to be stigmatized as lawless because like action in times of peace would be lawless. To talk about a military order that expresses an allowable judgment of war needs by those entrusted with the duty of conducting war as 'an unconstitutional order' is to suffuse a part of the Constitution with an atmosphere of unconstitutionality. The respective spheres of action of military authorities and of judges are of course very different. But within their sphere, military authorities are no more outside the bounds of obedience to the Constitution than are judges within theirs. . . . To recognize that military orders are 'reasonably expedient military precautions' in time of war and yet to deny them constitutional legitimacy makes of the Constitution an instrument for dialetic subtleties not reasonably to be attributed to the hard-headed Framers, of whom a majority had had actual participation in war. If a military order such as that under review does not transcend the means appropriate for conducting war, such action . . . is as constitutional as would be any authorized action by the Interstate Commerce Commission within the limits of the constitutional power to regulate commerce.
To get down to cases -- the case of NSA surveillance, in particular -- Tom Smith of The Right Coast has this to say:
. . . [I]t strikes me as just wrong, and very counter-intuitive, to think of the Fourth Amendment as limiting the President's Article II wartime powers at all. If this were the case, it would mean something like the President's powers to wage war against those US citizens who had decided to fight for the enemy, had to be conducted within something like the proscriptions of constitutional criminal procedure. Surely, that can't be right. This is not to say the President's Article II powers are unlimited. That is what, I take it, the Youngstown Steel case is about. But if FISA really does subject Article II wartime powers to the procedural rigamarole in FISA, then it would be unconstitutional. . . . So where that leaves us, it seems to me, is fairly clear. The President did not violate FISA, as that statute has been interpreted by the highest court other than the Supreme Court that has has the power to interpret it, and indeed specializes in interpreting it, so presumably is due some deference for that, and thus, for the President's action to be illegal, it would have to have exceeded his Article II powers. . . . While it is logically possible that the NSA program exceeded the Article II powers, it strikes me as a very implausible claim. We are not talking here about nationalizing the steel industry, or interring all Muslims or something of that sort. We are talking about data-mining calls and emails which have an elevated probability of being connected to terrorism, because they are within a network anchored by phone numbers or email addresses found in al Qaeda phones or computers, or because of charateristics of the calls or emails. If anyone thinks . . . that doing that is outside the President's Article II powers, they have a ludicrously narrow conception of those powers, a conception simply inconsistent with the President's discharge of his duty to prevent future catastrophic terrorist attacks on the people of the United States. That alone suggests it is an incorrect conception of those powers, a fact even the Supreme Court is likely to notice.
What we see in the dispute about such things as the Patriot Act and NSA surveillance is a failure to distinguish between the free exercise of liberty, on the one hand, and the necessary exercise of governmental power to preserve liberty, on the other hand. That failure is unwitting -- but nonetheless dangerous -- when it emanates from persons who simply have no understanding of the Constitution or who wish to live in a dream-world in which government simply cannot encroach upon their privacy for any reason. That failure is entirely witting -- and essentially subversive -- when it emanates from persons who simply wish to twist the meaning of the Constitution so that it serves their anti-libertarian agenda: statism at home and surrender abroad.

What About Government Data-Mining?

There is, nevertheless, a real threat that surveillance could lead to the creation of massive databases that could be misused by government officials. It is one thing to create databases that enable law-enforcement officials to detect and avert attacks on Americans and Americans' interests, at home and abroad. It is quite another thing to create and use such databases for the purpose, say, of anticipating or imagining criminal conspiracies.

How, then, is it possible to protect Americans from acts of war, terrorism, insurrection, or rebellion without subjecting them to the very real danger of overreaching on the part of government officials -- who will be tempted to misuse the information to which they have access? We learned -- on September 11, 2001 -- that it is folly to put a firewall between domestic and foreign intelligence. The firewall must be placed elsewhere; here is how I would construct it and where I would place it:
  • No government agency (including contractors) may collect or store personal information other than that which is gathered pursuant to a specific, constitutionally authorized exercise of authority (e.g., issuing driving licenses, maintaining tax and property records, investigating crimes that have been reported, maintaining records of arrests and convictions, algorithmically surveilling communications for the purpose of detecting possible terrorist activity).
  • The federal government (and only particular units of the federal government, as authorized by law) may collate such information in a database or databases that may be used only for the purposes of detecting conspiracies to commit acts of war, terrorism, insurrection, or rebellion against the United States, a State, or the citizens of the United States or their property.
  • Information gleaned from such a database may be used, without judicial approval, to avert an imminent attack or to respond to an attack.
  • Otherwise, the information gleaned from such a database may be used, with judicial approval, to initiate surveillance of persons or property within the jurisdiction of the United States -- and then only for the purpose of preventing acts of war, terrorism, insurrection, or rebellion.
  • Actions against persons or property outside the jurisdiction of the United States must be taken in accordance with the 1973 War Powers Resolution and/or applicable treaties.
  • Information gleaned from such a database may never be used for any purpose other than the prevention of or response to acts of war, terrorism, insurrection, or rebellion against the United States, a State, or the citizens of the United States or their property.
Details would be supplied by statute. Compliance would be monitored by a commission; the president, Congress (by concurrent resolution), and the chief justice of the United States each would appoint one-third of the commission's members.


Privacy is not, never has been, and never should be an absolute right. To make it such would be incompatible with the defense of life, liberty, and property.

With respect to privacy in the private sector, we should remember that a one-size-fits-all regulation has the predictable effect of fitting almost no one and generally forcing buyers and sellers to make inferior choices. Government should protect Americans from force and fraud. Beyond that, it is up to Americans to decide for themselves how much privacy they wish to enjoy in their voluntary transactions. They could do so quite effectively, and at no additional cost, with the help of "privacy brokers" -- firms that would do for consumers what they now do for businesses.

Turning to privacy vis-a-vis government, we should remember that government legitimately seeks to protect the lives and property of Americans, so that they can pursue happiness as they see it. Privacy absolutists -- those who place privacy above security -- endanger us all. They would render us defenseless against very real and potent threats to liberty and the pursuit of happiness. The idea of a national ID card fails because it would create a vulnerability, not because it would threaten privacy in the land of the ubiquitous Social Security number. On the other hand, there is a legitimate place for the surveillance of telecommunications and for data-mining, as long as the use of both is confined to the protection of life, liberty, and property against our enemies. A way of ensuring that surveillance and data-mining are not misused is to establish an oversight commission comprising members of all three branches of the federal government.

The legitimate function of the state is to protect its citizens from predators and parasites, it is not to protect predators and parasites. The critics of aggressive defense like to proclaim their dedication to civil liberties, but their statist agenda in domestic matters betrays their selective dedication to liberty.

There is a balance to be struck between privacy and liberty, but it should not -- and need not -- be struck in favor of our enemies. The Constitution is, first and foremost, a mutual defense pact, not a suicide pact.

Related collections of posts:
The Constitution: Original Meaning, Subversion, and Remedies
Economics: Principles and Issues
War, Self-Defense, and Civil Liberties