Privacy v Security: The PATRIOT Act 2.0

Over the weekend, the big story coming out of Washington was the looming expiry of certain provisions of the Unifying and Strengthening America byProviding Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001. This is commonly known as the USA PATRIOT Act.

While it will be resurrected in another form in a matter of days, it is significant that an element which American lawmakers are rejecting, that is the warrantlessinterrogation of aggregated data bases, is woven into Australia's latest legislation that parliamentarians are trumpeting as necessary to fight terror both at home and abroad.

Since 9/11 in the United States, the secretive National Security Agency was responsible for both the bulk storage and interrogation of electronic records. Whereas in Australia, the aggregation will be conducted by telecommunication providers and not government agencies. And the interrogation of the telco-warehoused metadata by Australian security agencies will, just like until the weekend in the US, not require a warrant.

"Metadata" is generically defined as the "envelope" in the "envelope v letter" dichotomy. Data retained by telcos and examined by government agencies will include account holder names and addresses; date, time and duration of communications; the recipient of communications; and the location of equipment used for communications, including mobile towers. But to access the contents or "letter" part of any communications, Australia's federal agencies will need to secure a warrant.

Following the death of s. 215 of the PATRIOT Act on 31 May, the interrogation of "envelopes" at will in the US will require specific warrants to be obtained before Uncle Sam's agencies can mosey on over to a telco to interrogate an "envelope", let alone its contents.

Clearly both Australian and American lawmakers cannot be right.

Either security agencies should have untrammelled (warrant free) access to what they need by way of metadata so they can intercept, disrupt and/or destroy those who would do us harm, or they must work, as some demand, with one hand tied behind their backs and both feet shackled.

Obstacles to the proposed compromised revision of the PATRIOT Act, better known as the Freedom Act, include libertarian Rand Paul (R-Kentucky) who wants no government snooping into metadata held by anyone. Other senators object to the PATRIOT Act do so not on Paul's alleged constitutional grounds, but insist that the Federal government is violating thelimits set by s. 215 of the said Act. And then there are a few want no compromise bill whatsoever and are just peachy keeping the existing provisions as they are. Hence the temporary lock-jam in the Senate.

Edward Snowden, a former Booz Allen Hamilton contractor working at the NSA's centre in Hawai'i, in 2013 revealed the existence and breadth of the NSA's surveillance program and the matter was widely publicized by lawyer and Guardian journalist Glenn Greenwald.

At the crux of the metadata debate is the "privacy v security" trade-off that every democracy needs to consider. There are few finer minds to tackle this matter than Daniel J. Solove, the John Marshall Harlan Research Professor of Law at George Washington University Law School.

Whether you feel the Australian legislation goes too far or too little towards the "security" side of what Solove considers the invented "privacy-security" continuum, you will find his book fascinating.

In Nothing to Hide his easy to read 245 page assessment of the privacy v security shouting match, Solove takes aim at the air-headed quips of the ill-informed who drone that:

"If you have nothing to hide, you have nothing to fear".

His response is along the following lines: say you swipe your ID pass as you enter the elevator at work; soon after you pop down to Coles for a $4 "coffee and muffin" deal, paying with your Visa card; at lunch you fuel up at Golden Arches, buying a McValue Meal with a tap of your debit card on a reader and on the way home (using your registered Opal or myki cards), you visit a pathology lab to test for liver function, offering your Medicare card and signature in place of a cash payment.

Every move you make, every reader you swipe and every medical test you sit leaves a digital footprint from which a pathway to understanding and in turn mapping your lifestyle is the next very small step. Not only can your life be mapped, that mapping can be shared far and wide, often without your knowledge, let alone your (chuckle, chuckle) consent.

Daniel Solove is both alert and alarmed. But he is no peacenick.

In Nothing to Hidehe continues his decade long investigation into the moral and legal questions that modern technology poses for privacy. Unsurprisingly of the four parts of his book, the most fascinating one is the last: technology.

Solove's offers a refreshingly clear lens with which to view the privacy-security continuum.

He resists defining privacy, implying that there are no sufficient conditions for the correct application of the concept, in contrast to many civil libertarians (both in the US and Australia) who chronically argue that "privacy" must be protected at all costs. But is their definition of privacy shared by others? Hmmm.

Solove surveys the results of the US government's data mining activities and finds them coming up short. They are, he feels, useless at predicting whether someone is or is not disposed to be terrorist and the costs of falsely identifying citizens as "dangerous" may be high.

Nothing to Hide is well argued, relevant to both American and Australian readers and is penned by one smart guy. One can only hope it's on our parliamentarians' reading list.