Tuesday, June 11, 2013

The NSA, Spying, and the Important Question We Aren't Asking

There's a lot of conversation going around about the NSA and recent revelations regarding the US government's massive collection of data, both domestic and foreign. There is speculation about the leaker (Edward Snowdon, apparently a Booz Allen employee), about the nature of the data being gathered (metadata on phone calls through Verizon, plus various other sorts of things that may or may not be foreign in origin), and about the legality and constitutionality of these efforts.

Many have pointed out that this is hardly a new Obama administration thing, that the Bush administration did many of the same things under the PATRIOT Act - which, although this disappoints some liberals, has helped take some of the partisan sting out of things.

These are all good and important questions (except the partisanship thing, which is silliness as usual). And to some degree, this has revived a much larger question: how much privacy are we willing to give up in exchange for security? That's an age-old question of governance critical to any age.

What I find missing from the conversation, however, is the other half of that question. We are focused on the how much privacy are we willing to give up part. What we're not talking about - at least, I haven't seen it yet - is how much security do we get, or even how much security should we expect.

What we're talking about, of course, is security from terrorist attacks. Protecting Americans from terrorist attacks is a legitimate concern of government, just as protecting us from foreign invasion or local crime are. But because terrorism is fundamentally asymmetric, you have to spend massive amounts to get small increases in protection - and even then, it's not perfect. It's never going to be perfect.

A case in point is the Boston Marathon bombing just a few weeks ago. This attack was carried out by what appear to be a pair of rank amateurs. It is almost certain that they used email, cell phones, and other communications before and during their attack. Yet the existing surveillance apparatus - as massive as it apparently is - was not enough to stop two young guys with no experience from blowing up bombs that killed three and injured more than 250.* The net which the NSA and others have cast isn't foolproof.

And this is very much the point. We can spend billions upon billions of dollars, and disaffected 20-somethings will still be able to blow up bombs in public places. We're not going to get perfect security from terrorism - and in the broader context, terrorism is one of the least of dangers in our society anyway (well behind alcohol-induced car accidents, murders, suicides, industrial accidents - there's a host of things that kill more Americans).

So in order to answer the question about how much privacy we're willing to give up in exchange for security, we have to decide how much security do we expect? If the answer is "a reasonable amount, but we know it's never going to be perfect", then the massive data-gathering the government is engaged in is probably a significant overreach. We could obtain the same result with far less effort, and far more privacy.

The problem, of course, is that politicians don't do rational calculations - because we don't let them. Any politician can be vilified, anytime something goes wrong, for "not having done enough". Michael Dukakis was raked over the coals - and ultimately lost his bid for the White House - in part because one criminal was paroled and went on to commit a crime.

Real-world reality dictates that we accept some level of vulnerability, and some number of deaths, just as we accept a certain level of car accidents, homicides, and other things (all of which kill more of us than terrorists do). How many accidental gun deaths committed by children have occurred in the last month?

But political reality - on the singular issue of terrorism (but not road accidents, or gun violence) - says to the politician, you must leave no stone unturned, no action untaken. You must be able to say, "we did everything we possibly could."

As usual, this is not the fault of our politicians - it's our own fault. We don't apply this logic to other arenas in life, else we would be driving on roads with 25 mph speed limits everywhere (imagine the lives we would save!) We don't comb through emails or phone calls for evidence that people are going to commit murder, or sell drugs, or rob banks, or any number of other illegal and harmful activities. And our political system is unable to put even the mildest controls on firearms. So why do we accept this "logic" when it comes to terrorism?

The government will stop this sort of massive spying when politicians are punished for overreaching on privacy but NOT punished every time there is a terrorist incident somewhere. Until then, they will continue to respond to the incentives we give them. And as long as we fail to ask questions about the security side and focus only on privacy, our privacy will continue to erode - without improving our security one bit.

* I am discounting out of hand the argument, made on the fringes, that the Boston explosions were a "false flag" attack planted by the government. There is no publicly available evidence to suggest that this is the case, and no obvious motive or outcome for having done so.

1 comment:

  1. Kathi Fisler has left a new comment on your post "The NSA, Spying, and the Important Question We Are...":

    I like the question of how much security we expect. I wonder whether the answer lies around an attack being larger than what we think we could personally pull off.

    There's a world of difference between the Boston Marathon attacks and ones large enough to bring down infrastructure (planes, buildings, etc). I can see how someone does the Boston attack from their kitchen, I don't expect the government to be in my kitchen, so I'd forgive them not detecting that attack. But if an attack is massive enough that it was "out there" somewhere, I suspect people expect that activity to get detected.

    I'm mostly thinking as I write this, but I wonder how much our notions of personal space define the sorts of attacks we hold officials accountable for stopping (at least from a terrorism perspective).