(Following on from Rebekah Bradway's post last week regarding government-created metadata as public records, we are pleased to present a two-part post from Bryce Newell on the role of metadata in government surveillance. -- Ed.)
As much of the world is now undoubtedly aware, the National Security Administration (NSA), and many other signals intelligence agencies around the world, have been conducting sophisticated electronic surveillance for quite some time. Many might have expected that such extensive surveillance was occurring, both domestically and globally, prior to Edward Snowden’s release of classified information in June 2013. Indeed, we’ve known about the existence of government driven metadata surveillance and international intelligence cooperation and data-sharing for years. The UKUSA Agreement, which links intelligence agencies in the United States, United Kingdom, Canada, Australia and New Zealand, was declassified by the NSA in 2011, but its existence was reported much earlier.
What we haven’t known, perhaps, are some of the specifics (e.g., here and here) brought to light by the recent revelations – or much about the legal analysis and oversight to which such surveillance activities are subjected to in practice. The fallout from Snowden’s disclosures has not been limited to the U.S. either. News media in both Canada and the U.K. have released documents indicating that agencies in these countries are also conducting similar programs.
Much of this surveillance appears limited to the metadata – information about information – associated with telephone calls, emails, and other forms of electronic communications. Officials are claiming that metadata is less revealing than the actual contents of our communications – although who hasn’t sent or received an email that included all of its content in the subject line? However, as our landline-initiated telephone calls of the past have been largely supplanted by cellular phone, wireless, and Internet-based communication, the amount of metadata – and its ability to ascribe revealing attributes about us – has grown tremendously. Correspondingly, much more can be done with this data to reveal personal information.
Prior to mass adoption of and access to the Internet, our electronic communications metadata consisted of logs indicating which numbers we called from, what numbers we called, at what time we made these calls, and how long the calls lasted. Much of this information is what we expect to see on a phone bill from our phone company. Now, however, our communications metadata often includes (among other things) highly accurate geo-location information (including movement information) sourced from cell towers, GPS chips embedded in our devices, and the presence of available WiFi connections nearby. This information is not just useful to determine where we are or where we happened to be when we made or received a call, but may also indicate who we are traveling with (based on geo-location metadata of those nearby). As researchers have shown, small amounts of otherwise anonymous geo-location data from cellular phone networks can be used to accurately identify individuals with high levels of confidence.
This is not to say that eye-opening things could not be done with very simple sets of metadata about us in the past, as shown by this fascinating post by Professor Kieran Healy about using basic social network analysis to identify networks of people suspected of anti-government activities (in that case, Paul Revere and the rebellious colonists in America). Imagine what sophisticated statistical and social network analysis can do when we add large amounts of additional information and dramatically increase the number of subjects under study and the resources available to study them. The David Petraeus scandal has also shown us that metadata, like IP addresses indicating the locations where Petraeus and Paula Broadwell logged into their anonymous shared email account, can be enormously helpful in identifying people and telling stories about their lives.
Not only are we confronted with difficult questions about how we ought to define reasonable expectations of privacy in relation to metadata or regulate government surveillance for national security purposes (which is admittedly a highly complex and difficult question), but we also live in a world where information knows no borders. Domestic legal protections, often requiring an intelligence agency to demonstrate some level of reasonable suspicion or probable cause prior to collecting some types of personal information on domestic persons, potentially disappear when foreign governments also collect and share similar data. Much has been said about the need for human rights-based protections to regulate transnational intelligence networks and cross-border collaboration, but these suggestions also pose tremendously difficult questions (not that this means the discussion is not very much worth having).
At least three primary questions need to be addressed (of course, each raises a host of ancillary questions as well). First, what types of communications information should we allow governments to acquire without restrictions? Second, what procedural and legal hurdles should be put in place to protect “personal” or “private” information (and e.g. where does metadata fall on the spectrum from public to private)? Third, what transparency and oversight mechanisms ought to be put in place to ensure that governments are abiding by the policies put in place? We should not necessarily be dismantling our signals and communications intelligence infrastructures, but we should be ensuring – and have the power to ensure – that they operate within legal and democratically sanctioned ways that do not impermissibly infringe on our political freedoms (a form of what Philip Pettit has called “antipower”).
Freedom itself is a contested ideal. Isaiah Berlin famously differentiated between negative and positive liberties; negative meaning the absence of interference, positive meaning (on some accounts) that a person is free to the extent they achieve autonomy, self-mastery, or self control. Negative liberty, or the idea that a person is free to the extent they are not actually interfered with, maintains a preferred position in much contemporary liberal literature. The concept of positive liberty is more controversial, since it may involve determinations about whether a person has the ability to act on their second-order desires – for example, a person may desire not to desire something; their “true” desire may be to overcome a certain trait, addiction, or habit, for example, but they are not free unless they can actually act on these higher desires. On the other hand, a civic or neo-republican account of freedom, such as that offered by Philip Pettit, is primarily concerned with liberty in a negative sense, but equates freedom with nondomination. Domination, on this account, is not limited to instances of actual interference but extends to the possibility that such interference could be realized by the existence of power relationships that allow one person (or state) to arbitrarily interfere with another at will.
In part two, I explore how both of these negative conceptions of freedom – noninterference and nondomination – are implicated by the realities recently disclosed by Edward Snowden, with references to the International Covenant on Civil and Political Rights and case law from the U.S. Supreme Court and European Court of Human Rights.
Bryce Clayton Newell is currently a Google Policy Fellow at the Samuelson-Glushko Canadian Internet Policy and Public Interest Clinic (CIPPIC) at the University of Ottawa Faculty of Law in Ottawa, Ontario. He is also a doctoral student in Information Science at the University of Washington in Seattle, Washington, a licensed attorney (California, inactive) and a documentary filmmaker. The opinions expressed in this post are those of the author alone, and not of any of the organizations to which he is affiliated. The author thanks CIPPIC for allowing him to pursue this line of research as part of his related work at the Clinic. Bryce can be reached at firstname.lastname@example.org.
(Photo of NSA Headquarters courtesy of www.nsa.gov, in the public domain pursuant to 17 U.S.C. § 105.)