Invasion of Privacy

Invasion of Privacy

Introduction to Invasion of Privacy

Invasion of Privacy, unlawful surveillance or intrusion into a person’s private dwelling with intent to expose or encroach upon that person’s private affairs.” (1)

Invasion of Privacy Concerns regarding Anti-terrorism Initiatives

Before discussing the specific privacy concerns arising from the anti-terrorism initiatives, it is important to understand that privacy is a highly subjective notion. See Colin J. Bennett, Regulating Privacy: Data Protection and Public Policy in Europe and the United States (Ithaca: Cornell University Press, 1992), pp. 12-13.

It means different things to different people.

“Privacy is … a very personal notion. Within socially and culturally defined limits, privacy allows us the freedom to be who and what we are. The very fact that we are able to interact with others as we might like is because our privacy allows us that choice. By embracing privacy, we exercise discretion in deciding how much of our personhood and personality to share with others. We generally feel less vulnerable when we can decide for ourselves how much of our personal sphere they will be allowed to observe or scrutinize” (Sheri A. Alpert, “Privacy and Intelligent Highways: Finding the Right of Way,” Santa Clara Computer and High Technology Law Journal — Privacy and ITS, March 1995, p. 102).

Both the United Nation’ s Declaration of Human Rights (Article 12) and the International Covenant of Civil and Political Rights (Article 17) recognize privacy as a human right. While neither the Canadian nor United States’ Constitutions explicitly use the word privacy, it is, nonetheless, considered to be implicit.

United States Justice William O. Douglas described privacy as found within the “penumbra” of the Bill of Rights (Griswold v. Connecticut, as cited in Robert Gellman, “Does Privacy Law Work,” Technology and Privacy: The New Landscape, ed. Philip E. Agree and Marc Rotenberg (Cambridge: The MIT Press, 1998), p. 202); where the Bill of Rights, as a whole, is understood to define or indicate where government should not intrude (United States Office of Technology Assessment, Criminal Justice: New Technologies and the Constitution, Special Report OTA-CIT-366 (Washington D.C.: U.S. Government Printing Office, May 1988), p. 8). Canadian Justice La Forest recognized privacy as being:

“… at the heart of liberty in a modern state … Grounded in man’ s physical and moral autonomy, privacy is essential for the well-being of the individual. For this reason alone, it is worthy of constitutional protection … The restraints imposed on government to pry into the lives of the citizen go to the essence of a democratic state. … [Also] there is a privacy in relation to information. This too is based on the notion of the dignity and integrity of the individual” (R. v. Dyment (1988), 55 D.L.R. (4th) 503 at 513 (S.C.C.)).

The House of Commons Standing Committee on Human Rights and the Status of Persons with Disabilities studied privacy and concluded:

“Canadians view privacy as far more than the right to be left alone, or to control who knows what about us. It is an essential part of the consensus that enables us not only to define what we do in our own space, but also to determine how we interact with others: either with trust, openness and a sense of freedom, or with distrust, fear and a sense of insecurity (House of Commons Standing Committee on Human Rights and the Status of Persons with Disabilities, Privacy: Where do we draw the line? Report of the House of Commons Standing Committee on Human Rights and the Status of Persons with Disabilities” (Ottawa: Public Works and Government Services Canada, April 1997), p. 6).

In any discussion of privacy, however, it is important to acknowledge that it is not an absolute right. Sometimes other rights or interests will justifiably prevail. How privacy rights and other societal interests, such as national security, are weighed in the context of a public policy debate, is discussed in the next section of this paper.

It is possible to identify three major components of privacy: property, person, and information. Each of these zones or realms of privacy are important, if not essential, for the well-being of the individual and, ultimately the society. In addition, all are significantly impacted by current and proposed anti-terrorism initiatives.

  • Territorial Privacy: This relates to limiting or controlling another’s entry to one’s own personal place. This spatial sense of privacy relates historically, legally, and conceptually to property. There is a physical domain within which a claim to be left in solitude and tranquillity is recognized. Traditionally, no one may enter without permission, except by lawful warrant.
  • Bodily Privacy: This is also known as “privacy of the person” and relates to the protection of one’s physical self against invasion. Privacy of person is an interest in freedom from interference with one’s person and from surveillance (Law Reform Commission, Privacy: Background, Vol. 1, Report No. 22 (Canberra: Australian Government Publishing Service, 1983), p. 21). This sense of privacy transcends the physical and is aimed essentially at protecting the dignity of the human person. It is protection against the indignity of the search and its invasion of the person in a moral sense. Traditionally, a claim to the privacy of one’s person was protected by laws guaranteeing freedom of movement and expression, prohibiting physical assault, and restricting unwarranted search or seizure of the person.
  • Informational Privacy: This relates to the interest of a person in controlling the information held by others about him/herself. This notion of privacy derives from the assumption that all information about individuals is in a fundamental way their own, for them to communicate or retain as they see fit (Department of Communications and Department of Justice, Privacy & Computers (Ottawa: Information Canada, 1992), pp. 13 & 14). The ability to control information about one’s self is linked to the dignity of the individual, self-respect, and sense of personhood (Gary T. Marx, “Privacy and Technology”).

There are relatively few cases where one’s privacy can be said to have been breached in the absence of personal information being recorded in some form. Surveillance systems introduced as part of national security initiatives involve the collection, use and disclosure of personal information. Accordingly, the discussion below of the over-arching privacy concerns concentrates on informational privacy issues.

These privacy issues should not be read in isolation. It is precisely because of the ineffectiveness and lack of justification of certain measures, as well as the significant violations of civil liberties, that privacy is such a concern.

It is also important to note that since many of the anti-terrorism initiatives target certain groups, their privacy rights are infringed much more than people who do not fit the “profile.”

General Concerns

Criticism about anti-terrorism legislation and other measures in the United States, Canada and other countries focussed on three main areas:

Big Brother

The scope of government surveillance contemplated under the anti-terrorism initiatives is staggering. National security concerns will drive forward programs like TIA and expand, even further, the degree to which government will be able to monitor and track any individual; not just known or suspected terrorists.

The expanded use of surveillance technology and the creations of new centralized databases, combined with the powerful analytical software to mine and profile, pose significant threats to the privacy of everyone in the United States and Canada.

The public has long feared a single omniscient government database. With TIA, this fear is approaching a reality. Today there is a higher degree of surveillance than ever before. Not only is the scope broader and the application more frequent, but surveillance technology itself is able to probe ever deeper into physical, social, and psychological realms.

Surveillance technology also penetrates place and space, making it virtually impossible to keep things private by locking the door, pulling the shades, erecting a fence, sealing an envelope, or communicating by telephone or e-mail (Law Reform Commission, Privacy: Background, Vol. 1, Report No. 22 (Canberra: Australian Government Publishing Service, 1983), p. 37).

Surveillance systems are linked to modern information management systems with massive integrated computer databases and powerful analytical software. Data in diverse forms, from widely separated geographic areas, organizations and time periods easily can be merged and analyzed. Increased capabilities and decreasing costs permit more and more data to be stored permanently in law enforcement databases. The result is that one’s past is always present (Marx, Undercover, p. 223). As one author noted: “No fact unrecorded, nothing forgotten nor lost, nothing forgiven.” (M.G. Stone and Malcolm Warner, “Politics, Privacy and Computers,” The Political Quarterly 40(1969), p. 260, as cited in Colin J. Bennett, Regulating Privacy: Data Protection and Public Policy in Europe and the United States (Ithaca: Cornell University Press, 1992), p. 29)

Surveillance technology greatly enhances law enforcement’s ability to gather data without the participation or even awareness of the individual. It no longer detects just what someone says or does consciously. Involuntary or autonomic behaviour can now be closely monitored. This type of “biological surveillance” involves technology that collects and analyzes body clues, such as pulse, eye movements, voice, blood, urine, and saliva.

“To be alive … is to automatically give off signals of constant information; whether in the form of heat, pressure, motion, brain wave, perspiration, cells, sounds, olifacteurs, waste matter, or garbage, as well as more familiar forms such as communication and visible behaviour. These remnants are given new meaning by contemporary surveillance technologies” (Gary T. Marx, “Ethics of the New Surveillance,” in Visions of Privacy: Policy Choices for the Digital Age, ed. Colin J. Bennett and Rebecca Grant (Toronto: University of Toronto Press, 1999), p. 40).

It is not just advances in technology that have resulted in greater surveillance; the reduction or elimination of traditional judicial controls (discussed earlier) and a change in focus to prevention rather than detection also contributed to increased use of surveillance technology. There has been a shift from targeting specific suspects to categorical suspicion of groups. Using computers to predict future behaviour and the likelihood of an occurrence has resulting in “anticipatory surveillance” of individuals, groups, and locations (Marx, Undercover, p. 230). Technology has given law enforcement the ability to seek out violations, even without specific grounds of suspicion.

The proliferation of advanced surveillance and information management technology is a source of concern to the public. People feel vulnerable in the face of the invasive and unrestricted surveillance contemplated by the government, in the name of national security. They are concerned technology will jeopardize or override fundamental human values such as privacy and respect for individuals.

The overarching privacy concern with anti-terrorism initiatives is the extent of the surveillance; that North America will become a society in which unparalleled amounts and specificity of personal information is collected, used and disclosed by governments on a routine and systematic basis.

Loss of Autonomy

The potential loss of personal autonomy resulting from pervasive surveillance is a central privacy concern. Simply stated, autonomy is “the quality or state of being independent, free and self-directing.” (Websters Third New International Dictionary, Philip Babcock Gove, Editor in Chief (Springfield, Massachusetts: Merriam-Webster, Inc, 1986) p. 148)

Privacy concerns arise because of the potential for individuals to lose control over their personal information. The significance of this concern should not be underestimated. People tend to feel that the loss of control over their personal information has a significant impact on their ability to be autonomous.

“… not only does the loss of control of information about one’s self have some possible serious negative consequences, such as no protection from misuses of the information, it also means a loss of autonomy … Loss of autonomy means loss of one’s capacity to control one’s life… A right to control information about one’s self is fundamental to being a self-determining and responsible being. See Deborah G. Johnson, Computer Ethics” (Englewood Cliffs, N.J.: Prentice-Hall, 1985), p. 66, as cited in James H. Moor, “How to Invade and Protect Privacy with Computers,” The Information Web: Ethical and Social Implications of Computer Networking, edited by Carol C. Gould (San Francisco: Westview Press, Inc., 1989), pp. 60-61.

This sentiment was echoed in the report from the 1985 Workshop on Information Technologies and Personal Privacy in Canada:

“The consequences of losing control over personal information go beyond the issue of invasions of privacy. A fundamental aspect of life is being endangered; the freedom to be oneself and the freedom to speak and act. If people think or know that their activities are being monitored or recorded, they tend to act cautiously to protect themselves, and may even start to censor their thoughts and actions. Therefore, the issue of privacy is related to the much larger dimension of personal and political freedom” (Science Council of Canada, A Workshop on Information Technologies and Personal Privacy in Canada (Ottawa: Minister of Supply and Services, 1985), p. 9).

Loss of Anonymity

Another disturbing aspect of widespread surveillance is the loss of anonymity. Being anonymous is to be unnamed. As more fragments of one’s lives are recorded and stored in databases, people feel their privacy has been invaded, they have lost control over their personal information, and they are, in essence, under surveillance. The creation of an “informational panopticon” such as being contemplated with the TIA program makes people’s lives visible to scrutiny by government. It also deprives them of their ability to withdraw themselves from public view. See Jeffery H. Reiman, “Driving to the Panopticon: A Philosophical Exploration of the Risks to Privacy Posed by the Highway Technology of the Future,” Santa Clara Computer and High Technology Law Journal — Privacy and ITS, March 1995, p. 39

People desire anonymity for a variety of reasons. Certainly some people may wish to avoid detection from law enforcement in order to undertake unlawful activities. But most people want to have the ability to be anonymous simply because, in North America, it is key to people’s sense of freedom and autonomy. It enables the free expression of political ideas, voting without fear of retaliation or coercion, and the practice of religious beliefs without fear of government intimidation (Electronic Privacy Information Center, Free Speech).

The courts have upheld the need for a compelling public interest before governments can require individuals to identify themselves. With the elimination of many judicial controls and the introduction of programs such as TIA, CAPPS II and API/PNR, individuals’ ability to remain anonymous when they choose has been severely eroded.

Anti-terrorism measures substantially increased the government’s ability to invade public and private lives. While surveillance technology is still not at the level where it can identify members of the public in the street, the combining of public and private databases will result in people being identified in ways not previously required. This is seen as an affront to personal dignity and an invasion of privacy. Justice Louis Brandeis’ renowned definition of privacy, the “right to be let alone,” is under siege (Samuel D. Warren and Louis D. Brandeis, “The Right to Privacy,” Harvard Law Review, Vol. IV, No. 5, December 15, 1890).

Loss of anonymity is one of the main reasons people object to identity cards, particularly ones with biometrics. If biometric identifiers are widely used and shared, people{s freedom to separate their identity could be restricted. All information about them could be linked, and they will always be identified by their biometric data. Their ability to remain anonymous will be severely diminished. See Roger Clarke, “Human Identification in Information Systems: Management Challenges and Public Policy Issues,” Information Technology & People, Vol. 7, No. 4, December 1994, pp. 6-37.

Lack of Consent and Knowledge

The anti-terrorism initiatives involve the collection, use and disclosure of personal information without the data subject’s consent. Rarely would individuals even be aware of when and how they are under surveillance or being profiled.

The cloak of secrecy surrounding the anti-terrorism systems means individuals are not in the position to know what personal information is collected and used. While understanding the need for confidential collection of personal information in the context of law enforcement for certain circumstances, data subjects are not in a position to make informed decisions or to challenge conclusions made about them.

The capability of many of the anti-terrorism systems to compile, combine, and analyze information in a manner never before possible creates another privacy concern. The “ability to assemble information selectively, or to correlate existing information, can be functionally equivalent to the ability to create new information.”(Bennett, Regulating Privacy, p. 19) With systems such as TIA the government can, in essence, create new personal information without the data subject’s knowledge or consent.

Most people acknowledge the government needs to collect, use, and disclose some personal information during the course of law enforcement and national security activities. Informational privacy concerns arise when the collection, use and disclosure of personal information becomes so extensive that it crosses the line into pervasive surveillance, with the government using personal information for purposes that go beyond the public’s reasonable expectations.

Necessity and Relevance of Personal Information

A central tenet of informational privacy is that the collection of personal information should be limited to data necessary and relevant to a legitimate purpose. One of the primary privacy concerns with the massive computers systems contemplated under a number of the anti-terrorist measures is that more personal information than is necessary and relevant to law enforcement will be collected, used and disclosed.

To do their job effectively, many law enforcement agencies believe they cannot know too much, and they dare not know too little. Gary T. Marx, “Police and Democracy,” 05/23/01. This version appeared in Policing, Security and Democracy: Theory and Practice, Vol. 2, M. Amir and S. Einsten (eds.). The development of extensive and integrated databases for national security purposes presents a challenge to the consideration of relevance.

With improvements in information-handling capabilities, comes the tendency to use more data and to discard less. This, in turn, motivates the collection of more data on more variables. See Arthur R. Miller, The Assault on Privacy: Computers, Data Banks, and Dossiers (Ann Arbor: University of Michigan Press, 1971), p. 21, as cited by Bennett, Regulating Privacy, p. 29. Contributing to this tendency is the fact that once a system has been established, the cost of collecting, storing and analyzing additional information is marginal. One of the primary privacy concerns is that, because technology can provide an extremely convenient and cost-effective way to gather and analyze data, more information than is necessary and relevant to a purpose will be collected and used.

Without current information management technology, some data would be inaccessible because the compilation and analysis of the hardcopy information would be administratively burdensome and impractical. The ease with which data can be combined and analyzed with computers means that more information may be used to make decisions with the technology than without it. The notion that more information results in better decision-making seems to prevail. More significantly, it also means that information collected for one purpose may be used for other purposes, generally without the knowledge or consent of the data subject, without an initial assessment of relevancy.

Critics argue there is a need to recognize that the use of more information does not always result in better decisions. They believe limits need to be placed on the collection of personal information, even in the context of national security investigations.

The challenge is to identify data that are truly relevant, and avoid collection for collection’s sake or for some unknown future use. This is especially difficult in the context of intelligence work, and the problem has been further compounded by the use of modern surveillance technology.

Some national security measures, at least at this early stage of development, have not been calibrated to filter out irrelevant personal information. The unblinking eye of a video camera, for example, takes in everything, not just that which is related to an investigation.

“There are practical difficulties with a principle that requires record keepers to collect only information relevant to the purpose for which it was collected. How, for example, is relevance to be assessed at the point of collection? …

In surveillance work, a considerable amount of information about an individual may have to be collected before the relevance of any of it to an investigation is established. Much criminal intelligence work is simply the collection of as much information as possible about known criminals and their associates. Patterns of conduct may then emerge which would not emerge if the only information collected were that obviously relevant at the time of collection.” (Law Reform Commission, Privacy, pp. 91-92)

Given the indiscriminate nature of a number of the anti-terrorism systems, covert surveillance of the general public will become the norm. Many people wonder why it is necessary to put everyone under surveillance, particularly when the effectiveness of that methodology is highly suspect.

Unrelated Use and Disclosure

Another significant privacy concern about the anti-terrorism initiatives is that personal information collected for one purpose will be used and disclosed for unrelated purposes by unrelated parties. The very purpose of these systems is to collect personal information from diverse public and private sector sources, identify patterns and draw conclusions about possible future action; in essence, they are designed to use personal information for purposes for which it was not intended. Even in the context of fighting anti-terrorism, this is considered an invasion of privacy. Going on a vacation does not give the government the right to profile someone and their family.

This issue is of particular concern with regard to identity cards. Once a unique personal identifier has been established, it can be used as a means of collating disparate and dispersed personal data on individuals; from government as well as private sector databases. Such an identifier not only enables individuals to be tracked, perhaps in real time, but creates the potential for the collation of their personal information into a comprehensive profile, unbeknownst to the individuals to whom the data relates.

This fosters concerns that:

  • information will be used out of context to the detriment of the data subject;
  • unjust decisions about them will be made simply on the basis of a profile;
  • automatic decision-making will be based on facts of doubtful completeness, accuracy, relevance, or utility;
  • and all of this will be done without the data subject’s permission or knowledge.

In its submission to the Standing Committee on Citizenship and Immigration on the issue of a proposed national identity card, the IPC noted:

  • Not only would a national ID card be redundant for many of its stated purposes, it could also potentially act as a privacy-eroding tool. The card would likely be supported by a national ID database or linked database registration system. The creation of a national database containing information on all Canadians would be unprecedented and far-reaching. The opportunity for government surveillance and tracking of lawful activities would be significantly expanded.
  • Undoubtedly, the introduction of a national ID card would be accompanied by government commitments that the use of the card would be strictly limited to specific, identified purposes. However, similar assurances in the past have proven less than robust. The “function creep” associated with Canada’s Social Insurance Number is an example of how the use of one form of identification has expanded over time far beyond its original, narrow purpose (Office of the Information and Privacy Commissioner/Ontario, Submission to the Standing Committee on Citizenship and Immigration on the issue of a proposed national identity card, February 10, 2003).

Much of the privacy concern around Bill C-55, the previous version of the Public Safety Act, 2002, related to provisions (sections 4.81 and 4.82) in the Aeronautics Act that would have given the RCMP and CSIS unrestricted access to the personal information of all Canadian air travellers on flights within Canada as well as on international routes.

The focus of the concern for Privacy Commissioners across Canada was not the primary purpose of the new provisions, which was to enable the RCMP and CSIS to use this passenger information for anti-terrorist “transportation security” and “national security” screening. The Commissioners were concerned because the RCMP would be empowered to use this information to seek out persons wanted on warrants for Criminal Code offences having nothing to do with terrorism, transportation security or national security.

When outlining his concerns about Bill C-55, the federal Privacy Commissioner in Canada stated:

“While some exceptional measures might be justified as necessary to enhance protection against terrorism, section 4.82 goes far beyond anti-terrorism. Empowering the RCMP to obtain and scan passenger lists in search of anyone subject to an outstanding warrant for any offense punishable by imprisonment of five years or more has no apparent connection to the purported anti-terrorism purpose of Bill C-55. It appears, rather, to be a dramatic expansion of privacy-invasive police powers without explanation or justification as to its necessity” (Privacy Commissioner of Canada, News Release, May 1, 2002).

Similar privacy concerns have arisen because CCRA wants to use personal information in its traveller-surveillance database for unrelated secondary uses. In a joint letter to the Honourable Elinor Caplan, Minister of National Resources, the Privacy Commissioners across Canada stated:

“… the information contained in the database can be used for purposes unrelated to anti-terrorist security. Rather than collecting and retaining the personal information of a small number of targeted air travellers, as originally planned, the database is far greater in scope and now is slated to expand. We are disturbed that the federal government, in the face of these concerns, plans to expand the databases even further to include personal information on individuals who arrive in Canada by other means, such as trains, ships and buses” (Ann Cavoukian, Information and Privacy Commissioner/Ontario, Letter to The Honourable Elinor Caplan, Minister of National Revenue, November 12, 2002).

CCRA’s reason for creating this database is “forensic.” In order words, the Canadian Government wants to be able to use this database to search for relevant information, including known associates, in the event there is a terrorist attack and some of the perpetrators are known. Apparently, it also may want to be able to use this database to identify “everything from routine income tax investigations to trying to flag Canadians as potential pedophiles or money launderers solely on the basis of their travel patterns.” (Privacy Commissioner of Canada, Annual Report to Parliament 2001-2002).

The federal Privacy Commissioner maintains Bill C-17 should be amended to limit police access to “matching air passenger information against anti-terrorism and national security databases.”(Privacy Commissioner of Canada, News Release regarding the Public Safety Act, Bill C-17, November 1, 2002)

Data Quality

Another privacy concern about the anti-terrorism systems is the accuracy of the information or lack thereof. Data quality is one of the fair information practices recognized in both Canadian and American privacy legislation.

The issue of accuracy was of particular concern in regard to the proposed TIPS program. According to a 1992 report by Harvard University’s Project on Justice, the accuracy of informant reports is questionable, with some informants embellishing the truth and others suspected of fabricating their reports (Goldstein, “US planning to recruit one in 24 Americans as citizen spies”).

The ACM expressed concerns about the potential number of false positives in the TIA program; “in this case incorrectly labeling someone as a potential terrorist.” The Association noted that as the entire population of the United States would be subjected to TIA surveillance, even a small percentage of false positives would result in a large number of law-abiding Americans being mistakenly labelled.

“… suppose the system has an 99.9% accuracy rate. We believe that having only 0.1% of records being misclassified as belonging to potential terrorists would be an unachievable goal in practice. However, if records for everyone in the U.S. were processed monthly, even this unlikely low rate of false positives could result in as many as 3 million citizens being wrongly identified each year. More realistic assumptions about the percentage of false positives would drive the number even higher.” (U.S. Public Policy Committee, Association for Computing Machinery, Letter to the Senate Committee on Armed Services, January 23, 2003)

Data quality also is an issue for those anti-terrorism systems utilizing data mining, matching or profiling. Database fields are not standardized, and the data they contain is not always reliable. Names get misspelled, digits are transposed, addresses are outdated or incorrect, and few names are unique.

Some critics are concerned if inaccurate information is used in a profile, such as contemplated under TIA, CAPPS II or API/PNR systems, it may be taken out of context or misapplied. An additional problem relating to the accuracy of information is the fact that computers tend to “freeze dry” information. Data that was accurate for a moment in time may be preserved by a computer and then that moment extended temporally and spatially through a data match or profile, often to the detriment of the data subject (Nancy Reichman, “Computer Matching: Toward Computerized Systems of Regulations,” Law and Policy, October 1987, p. 404).

Resources

Notes and References

  1. Information about Invasion of Privacy in the Encarta Online Encyclopedia

Guide to Invasion of Privacy


Posted

in

,

by

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *